WO2009072849A2 - Card having flash memory and display, reader of reading the card, paying method using the reader and card, art card and dispaly using the art card - Google Patents

Publication number
WO2009072849A2
Authority
WO
WIPO (PCT)
Prior art keywords
card
bad
flash memory
cob
reader
Application number
PCT/KR2008/007233
Other languages
French (fr)
Other versions
WO2009072849A3 (en
Inventor
Young Sun Cho
Sue Hee Park
Jin Man Chung
Original Assignee
Slimdisc Corp.
Application filed by Slimdisc Corp.
Publication of WO2009072849A2
Publication of WO2009072849A3

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B42BOOKBINDING; ALBUMS; FILES; SPECIAL PRINTED MATTER
    • B42DBOOKS; BOOK COVERS; LOOSE LEAVES; PRINTED MATTER CHARACTERISED BY IDENTIFICATION OR SECURITY FEATURES; PRINTED MATTER OF SPECIAL FORMAT OR STYLE NOT OTHERWISE PROVIDED FOR; DEVICES FOR USE THEREWITH AND NOT OTHERWISE PROVIDED FOR; MOVABLE-STRIP WRITING OR READING APPARATUS
    • B42D25/00Information-bearing cards or sheet-like structures characterised by identification or security features; Manufacture thereof
    • B42D25/20Information-bearing cards or sheet-like structures characterised by identification or security features; Manufacture thereof characterised by a particular use or purpose
    • B42D25/22Information-bearing cards or sheet-like structures characterised by identification or security features; Manufacture thereof characterised by a particular use or purpose for use in combination with accessories specially adapted for information-bearing cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • G06Q20/123Shopping for digital content
    • G06Q20/1235Shopping for digital content with control of digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/357Cards having a plurality of specified features
    • G06Q20/3574Multiple applications on card
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0833Card having specific functional components
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0873Details of the card reader
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09FDISPLAYING; ADVERTISING; SIGNS; LABELS OR NAME-PLATES; SEALS
    • G09F9/00Indicating arrangements for variable information in which the information is built-up on a support by selection or combination of individual elements
    • G09F9/30Indicating arrangements for variable information in which the information is built-up on a support by selection or combination of individual elements in which the desired character or characters are formed by combining individual elements
    • G09F9/35Indicating arrangements for variable information in which the information is built-up on a support by selection or combination of individual elements in which the desired character or characters are formed by combining individual elements being liquid crystals

Definitions

  • the present invention relates, in general, to a smart card having flash memory and display means, a reader for the smart card, and a Digital Rights Management (DRM) method using the smart card and the reader, and, more particularly, to a smart card having flash memory and display means, a reader capable of either recording digital information in the flash memory included in the smart card, or reading recorded information from the flash memory, a DRM method using an application program that is executed in a personal computer functioning to record or read information while mutually exchanging information with the reader depending on the manipulation of a user, and an electronic commerce method of reading information from the smart card using the reader and connecting information of the smart card to the Internet.
  • DRM Digital Rights Management
  • the present invention relates to a method in which large-capacity flash memory and a display means, as well as a smart card Integrated Circuit (IC), is provided in a typically used smart card, so that a smart card can function both as a single credit card and as a medium capable of storing various types of digital information and displaying the information through the display means, and so that digital information stored in the flash memory is protected using the unique information of the smart card, and relates to an electronic commerce method in which a reader reads the information from the smart card and connects the read information to the Internet.
  • IC Integrated Circuit
  • a smart card stores therein information about authentication, a credit card, a payment account, etc., thus being usable as a transportation card, a credit card, a check card, a One Time Password (OTP) generator using a display means, etc.
  • a smart card may be used for typical banking operations such as account inquiries, account transfers, and bank withdrawals.
  • MP3 player has gradually been becoming diversified and increasing, and the storage capacity of portable devices has also increased to enable the storage of various types of content.
  • PMP Portable Multimedia Player
  • a structure in which a large-capacity storage space required for such an additional functionality is included in all portable devices may cause problems in that it not only becomes a cause of increasing the costs of devices, but also forces a user who does not need such an additional functionality to purchase the devices after paying unnecessary costs.
  • manufacturing companies which manufacture portable devices such as an MP3 player, a PMP, and a digital camera intend to fix the size of memory provided in each device to a predetermined size, to mount a separate memory card in the device, and to extend the size of the memory at the request of a user.
  • an object of the present invention is to provide a smart card having flash memory and display means, in which the flash memory and the display means are included in an existing smart card and which is configured to provide storage space for digital information as well as the function of the smart card itself, to encrypt information to be protected using the unique information of the smart card (for example, a card serial number) and to store the encrypted information, so that a smart card function, a memory card function for information protection, and an OTP inquiry and multimedia display function using the display means can be implemented together in a single card, and to provide a reader for the smart card, a digital rights management method using the smart card and the reader, and an electronic commerce method of allowing the reader to read information from the smart card and connect the read information to the Internet.
  • the present invention includes a smart card
  • COB Chip On Board
  • the flash memory is implemented using NAND-type flash memory.
  • a reader to accomplish the above object is configured to have a plurality of electrical contact points so as to exchange information with the smart card COB and the COB for flash memory, display means, battery and central processing means, and is connected to a Personal Computer (PC) through a USB.
  • PC Personal Computer
  • the reader is mounted in the PC and is configured to separate information requiring protection and information not requiring protection and to separately record or read the information depending on the manipulation of a user.
  • the reader accesses a server of a credit card company connected thereto via the Internet and is operated in connection with an application program for inquiring whether a credit card incident has occurred and approving or denying the reading of information or in connection with an application program for receiving a password through a USB.
  • the reader decrypts the stored encrypted information into the original information at the time of reading the stored, encrypted information in compliance with the instructions of the application program.
  • the reader may perform the steps of examining unit area-based bad patterns of the flash memory, and determining a bad pattern extraction area; recording a code value of the determined bad pattern extraction area in a table select code field of a card ID; and examining an area corresponding to the area code recorded in the table select code field, and configuring a bad pattern DRM table on the basis of a bad pattern table.
  • the reader may perform the steps of extracting physical characteristics of the flash memory; and generating an encryption key using the extracted physical characteristics.
  • the reader may perform the steps of examining unit area-based bad patterns of the flash memory, and determining a bad pattern extraction area; recording a code value of the determined bad pattern extraction area in a table select code field of a card ID; examining an area corresponding to the area code recorded in the table select code field, and configuring a bad pattern DRM table on the basis of a bad pattern table; and recording the digital content in the flash memory by using the bad pattern DRM table as an encryption key.
  • the reader may perform the steps of extracting physical characteristics of the flash memory; generating an encryption key using the physical characteristics; and recording digital content in the flash memory using the generated encryption key.
  • the reader may perform the steps of setting an area in which addresses of bad areas of the memory used are recorded and recording the area in a header data area, in which the characteristics of a memory card are recorded, rather than a data storage space, and of recording the addresses; and extracting encryption feature values by combining the addresses of the bad areas, encrypting original content data using the encryption feature values, and recording the content data in normal areas of memory and not in the bad areas.
  • the reader may perform the steps of marking bad areas of the memory used, at defined locations of corresponding spare areas, as bad areas, and extracting encryption feature values by combining addresses of the bad areas; and encrypting original content data using the encryption feature values and recording the content data in normal areas of the memory and not in the bad areas.
  • the reader may perform the steps of marking bad areas of memory used, at defined locations of corresponding spare areas, as bad areas, and extracting encryption feature values using specific values recorded in the memory; and encrypting original content data using the encryption feature values and recording encrypted content data in normal areas of the memory and not in bad areas.
  • a code value of the bad pattern extraction area is recorded in the table select code field of the card ID, and digital content is recorded by using a 'DRM encryption table configured on the basis of a bad pattern table by examining an area corresponding to the area code recorded in the table select code field' as an encryption key.
  • the reader may perform the steps of examining an area corresponding to an area code recorded in a table select code field of a card ID and configuring a bad pattern DRM table on the basis of a bad pattern table; examining whether patterns having real bad pattern addresses in the bad pattern DRM table are real bad patterns; and playing digital content by using the bad pattern DRM table as a decryption key on the basis of the results of examination.
  • the reader may perform the steps of extracting physical characteristics of the flash memory; generating a decryption key using the extracted physical characteristics; and playing digital content using the generated decryption key.
  • the present invention to accomplish the above object provides a method of playing digital content stored in the flash memory, comprising the reader reading addresses of bad areas from a header data area, and combining the addresses of the bad areas, thus calculating encryption feature values used for encryption of content data; and the reader recovering original content data using the encryption feature values while sequentially reading content data from memory excepting the bad areas, wherein the encryption feature values are calculated by combining unique values, such as addresses of different bad areas for respective memory devices used, and thus it is physically impossible to perform perfect duplication unless bad areas of memory used for duplication are entirely identical to those of original memory.
  • the present invention to accomplish the above object provides a method of playing digital content stored in the flash memory, comprising the reader examining memory, reading addresses of bad areas from the memory, and calculating encryption feature values used for encryption of content data by combining the addresses of the bad areas with each other; and the reader recovering original content data using the encryption feature values while sequentially reading data from the memory excepting the bad areas, wherein the encryption feature values are calculated by combining unique values, such as addresses of different bad areas for respective memory devices used, and thus it is physically impossible to perform complete duplication unless bad areas of memory used for duplication are entirely identical to those of original memory.
  • the present invention to accomplish the above object provides a method of playing digital content stored in the flash memory, comprising the steps of the reader examining memory, reading specific values recorded in the memory, and calculating encryption feature values used for encryption using the specific values; and the reader recovering original content data using the encryption feature values while sequentially reading data from the memory excepting the bad areas, wherein the encryption feature values are calculated by combining specific values recorded in the memory used, and thus it is physically impossible to perform perfect duplication unless bad areas of memory used for duplication are entirely identical to those of the original memory.
  • the present invention to accomplish the above object provides a computer-readable recording medium for recording, in a DRM apparatus having a processor, a program for implementing a function of examining unit area-based bad patterns of flash memory and determining a bad pattern extraction area; a function of recording a code value of the determined bad pattern extraction area in a table select code field of a card ID; and a function of examining an area corresponding to the area code recorded in the table select code field and configuring a bad pattern DRM table on the basis of a bad pattern table.
  • the present invention provides a computer-readable recording medium for recording, in a DRM apparatus having a processor, a program for implementing a function of extracting physical characteristics of flash memory; and a function of generating an encryption key using the extracted physical characteristics.
  • the present invention provides a computer-readable recording medium for recording, in a digital content recording apparatus having a processor, a program for implementing a function of examining unit area-based bad patterns of a memory device constituting flash memory and determining a bad pattern extraction area; a function of recording a code value of the determined bad pattern extraction area in a table select code field of a card ID; a function of examining an area corresponding to the area code recorded in the table select code field and configuring a bad pattern DRM table on the basis of a bad pattern table; and a function of recording content data in the flash memory by using the bad pattern DRM table as an encryption key.
  • the present invention provides a computer-readable recording medium for recording, in a digital content recording apparatus having a processor, a program for implementing a function of extracting physical characteristics of flash memory; a function of generating an encryption key using the physical characteristics of the flash memory; and a function of recording digital content in the flash memory using the generated encryption key.
  • the present invention provides a computer-readable recording medium for recording, in a digital content play apparatus having a processor, a program for implementing a function of examining an area corresponding to an area code recorded in a table select code field of a card ID and configuring a bad pattern DRM table on the basis of a bad pattern table; a function of examining whether patterns having real bad pattern addresses in the bad pattern DRM table are real bad patterns; and a function of playing digital content by using the bad pattern DRM table as a decryption key on the basis of the results of examination.
  • the present invention provides a computer-readable recording medium for recording, in a digital content play apparatus having a processor, a program for implementing a function of extracting physical characteristics of flash memory; a function of generating a decryption key using the extracted physical characteristics; and a function of playing digital content using the generated decryption key.
  • the present invention provides a reader, plastic electronic money, and a payment method therefor, which are characterized in that, when plastic electronic money (in the form of a credit card provided with an IC), on which a payment amount can be recorded, is inserted into the reader, and the reader accesses the Internet through a computer, or when a payment amount is input on the basis of product purchase details and electronic commerce details on the screen of the reader in the case where the reader is separately provided with wireless (Bluetooth, wireless LAN, etc.) and mobile communication means (mobile communication, WiBro, etc.), a user can record approval information about the input payment amount in the inserted plastic electronic money and transfer the payment amount to a designated account through the reader of another user in such a way that the reader receives the payment amount approval data from a center for managing the plastic electronic money and records the payment amount approval data on the plastic electronic money inserted into the reader, and that, when the plastic electronic money, the recording of which has been terminated, is taken out of the reader and is inserted into the reader of another user
  • the present invention provides plastic electronic money having a form similar to that of a credit card, wherein the plastic electronic money is configured to have an authentication means, such as a smart card (IC card) used to determine whether electronic money has been forged, a memory means for storing information about an amount of money and transaction information, a display means (for example, e-ink or electronic paper) for maintaining final display content even when power is removed, a disposable battery (or a rechargeable battery) and a central processing unit, and is configured to display a preset amount of money (the denomination of bank notes, for example: ten thousand Won or fifty thousand Won) on the display means, to differently form designs and colors on a plastic printed surface so as to distinguish respective bank notes of different amounts of money, and to provide various types of means, such as a hologram required for the prevention of the forgery of a plastic card, so that the costs of manufacturing the plastic electronic money are higher than those of paper money to approach the preset amount of money, thus preventing the forgery of plastic electronic money and
  • the present invention provides plastic electronic money, which has a format similar to that of a credit card and enables an amount of money to be input by a financial institution, like bank checks rather than bank notes, wherein the plastic electronic money is configured to include an authentication means such as a smart card (IC card) used to determine whether electronic money has been forged, a memory means for storing information about an amount of money and transaction information, a display means (for example, e-ink or electronic paper) for maintaining final display content even when power is removed, a disposable battery (or a rechargeable battery) and a central processing unit, and is configured to display a preset amount of money input by a financial institution (like bank checks) on the display means, to differently set designs and colors on a plastic printed surface so as to distinguish respective bank notes of different amounts of money, and to provide various types of means, such as a hologram required for the prevention of the forgery of a plastic card, thus enabling the plastic electronic money to be semi-permanently used so as to compensate for increasing manufacturing costs,
  • the present invention provides plastic electronic money, which has a format similar to that of a credit card and enables an amount of money to be input by a financial institution, like bank checks, rather than bank notes, wherein the plastic electronic money is characterized in that, when an amount of money is added to an originally recorded amount of money or an amount of money is subtracted from the originally recorded amount of money through account transfer or withdrawal by the system of a financial institution (a device authenticated by a financial institution, such as an Automated Teller Machine [ATM] or a cashier's window), a memory means for storing information about an amount of money and transaction information changes, so that an amount of money displayed on a display means (for example, e-ink or electronic paper), for maintaining final display content even when power is removed, changes.
  • the present invention provides plastic electronic money, which has a format similar to that of a credit card and enables an amount of money to be input by a financial institution, like bank checks, rather than bank notes, wherein the plastic electronic money is characterized in that, when a total amount of money originally recorded on a display means is returned to the system of a financial institution (a device authenticated by a financial institution, such as an ATM or a cashier's window) and is then transferred or paid to another account, a memory means for storing information about an amount of money and transaction information is initialized, so that an amount of money displayed on the display means (for example, e-ink or electronic paper), for maintaining final display content even when power is removed, is changed to 0, thus enabling a different amount of money to be input to the plastic electronic money by a financial institution and enabling the plastic electronic money to be used again.
  • the smart card having flash memory, a reader for the smart card, and a digital rights management method using the smart card and the reader according to the present invention are advantageous in that, since flash memory and a display means are included in an existing smart card, storage space for digital information, as well as the function of the smart card itself, are provided, and, in addition, information requiring protection is encrypted using the unique information of the smart card and the encrypted information is stored therein, so that smart card and memory card functions for information protection can be provided through a single card, and further in that, since various types of programs and data for banks and persons are stored in the card, a banking function and an entertainment function can be provided, and further in that, since a wireless or mobile communication means is included in the reader, a new personalized financial device function can be implemented simultaneously with the above functions.
  • the smart card can be used as semi-permanent electronic money, and a range of the applications thereof may extend to a stock exchange card, a membership card and a point card. Meanwhile, it is predicted that future artwork will be implemented in such a way that various types of multimedia pictures will be displayed on electronic frames using large-sized display panels. Accordingly, content created by artists (drawings, pictures, etc.) must be protected to prevent the forgery thereof.
  • the memory card according to the present invention can also be applied.
  • FIG. 1 is a diagram showing an example of a conventional smart card
  • FIG. 2 is a diagram showing an example of a smart card having flash memory and display means according to an embodiment of the present invention
  • FIG. 3 is a diagram showing the construction of a reader for the smart card of FIG. 2;
  • FIG. 4 is a diagram showing the connection of a communication network for inquiry about the occurrence of an incident concerning the smart card of FIG. 2;
  • FIG. 5 is a diagram showing an example of the construction of flash memory used in the present invention.
  • FIG. 6 is a diagram showing an example of the card ID of FIG. 1;
  • FIG. 7 is a diagram showing an example of a bad pattern extraction area when all the blocks of flash memory are divided by 2048 blocks, according to an embodiment of the present invention
  • FIG. 8 is a flowchart showing an example of a bad block DRM table configuration method for digital rights management according to an embodiment of the present invention
  • FIG. 9 is a diagram showing an example of a 256-byte bad block DRM table generated in the bad block table of area 1 having more than 128 bad blocks according to an embodiment of the present invention
  • FIG. 10 is a diagram showing an example of the bad block table of area 2 having less than 128 bad blocks according to the present invention
  • FIG. 11 is a diagram showing another example of a 256-byte bad block DRM table generated by attaching padding data to the bad block table of area 2 of FIG. 6 having
  • FIG. 12 is a flowchart showing an example of a digital content recording method according to an embodiment of the present invention
  • FIG. 13 is a flowchart showing an example of an authentication process for digital content play according to an embodiment of the present invention
  • FIG. 14 is a diagram showing an example of the construction of a bad pattern DRM table configuration apparatus for digital rights management according to an embodiment of the present invention
  • FIG. 15 is a diagram showing an example of a digital content recording apparatus according to an embodiment of the present invention
  • FIG. 16 is a diagram showing an example of a digital content play apparatus according to an embodiment of the present invention
  • FIG. 17 is a diagram showing an example of a key generation apparatus for an asymmetric encryption system to which the present invention is applied.

Best Mode for Carrying out the Invention
  • FIG. 1 is a diagram showing an example of a conventional smart card. As shown in the drawing, a smart card Chip On Board (COB) is provided in the smart card.
  • FIG. 2 is a diagram showing a structure in which a COB for flash memory and display means is mounted in a space other than the space in which the smart card COB is mounted, in the conventional smart card of FIG. 1.
  • The structure of FIG. 2 is described in detail.
  • the smart card having flash memory according to the present invention is implemented such that a smart card COB (IC card COB) functioning as a credit card or a transportation card, and a COB for flash memory and display means for storing digital information are mounted in a single card.
  • the smart card COB (IC card COB) is not electrically connected to the COB for flash memory and display means.
  • when the smart card having flash memory of FIG. 2 according to the present invention is used as a credit card or a transportation card, it is used in the same way as an existing smart card. Further, when information is recorded in the flash memory, or when recorded information is read, the smart card can be connected to or inserted into a dedicated reader according to the present invention.
  • the smart card includes the smart card COB, which is provided therein and is provided with a predetermined IC chip and eight contact points based on ISO7816 standards, and a COB for flash memory and display means, which is electrically isolated from the smart card COB, is provided in the smart card and is provided with a plurality of input/output terminals.
  • the size of a credit card is 85.5 mm x 54 mm
  • a region of the credit card ranging from the bottom to a position 24 mm above the bottom is defined as an area in which a card number, the term of validity and a name are embossed
  • a region of the credit card ranging from the top to a position 15.3 mm below the top is defined as an allowable region of 3-track magnetic encoding. Accordingly, since the smart card COB is located 9 mm away from the left end in the space between the above regions, the only space for accommodating the COB for flash memory and display means is the right space.
  • a region in which a card number, the term of validity and a name are embossed at a thickness of about 0.8 mm and which ranges from the bottom of the card to a position 24 mm above the bottom is utilized, so that the thickness of the embossed region is set as about 1.6mm, which is the sum of the thickness of the card and the embossed thickness, and the thickness of the remaining region rather than the embossed region is set as about 0.8 mm, which is the thickness of existing cards.
  • the card of the present invention is characterized in that circuit parts are installed in the embossed region which is thicker than other regions, the thickness of the lower portion of the card is greater than that of the upper portion, but the maximum thickness of the card in each space is identical to that of existing cards. Accordingly, the card of the present invention can be used in an Automated Teller Machine (ATM) without change, and is provided in the state in which a card number, the term of validity, a name, etc., have been printed on a designated region.
  • OLED Organic Light-Emitting Diode
  • LCD Liquid Crystal Display
  • e-ink electronic paper
  • Flash memory is provided in such a way that the area thereof is divided into a bank area and a user area.
  • the bank area contains a certificate, a One Time Password (OTP) generation program, and an electronic bankbook, and is not accessible by a user.
  • the user area is composed of folders for music, movie, pictures, documents, an address book, and other folders, and is then allowed to be deleted, added or edited by a dedicated reader or computer.
  • the certificate is included in the credit card, so that Internet banking and electronic commerce can be performed regardless of place.
  • the OTP generation program is included in the credit card, so that a password required for Internet banking can be known using the credit card's own display means, and thus Internet banking can also be performed regardless of place.
  • the information of the user area is automatically backed up by forming relevant folders in a computer at the time of connecting to the computer, so that, when a credit card is lost, damage such as the loss of personal information is prevented.
  • the size of a wafer or the like must be considered, but a NAND flash memory interface, a USB, Secure Digital (SD), an MMC, a micro SD, a T-flash method, etc. may be applied.
  • the card of the present invention has a format having such a flash memory COB therein, and can be applied to a stock exchange card, a point card or a membership card, as well as a bank card.
  • When the card is provided as a stock exchange card, it is configured to be provided with a stock exchange program therein and to automatically inquire about a user's own account and perform stock exchange in arbitrary locations.
  • In the case of a membership card or a point card, the card may be configured to be automatically linked to a service provided by a relevant company.
  • the card of the present invention may be configured to include such a display means and related parts, and to function as electronic paper money. Since a medium called "paper money" is only of a value agreed upon by a collective body, the concept of paper money can be displayed by printing or carving various types of precise shapes on a plastic card, or by attaching a forgery prevention device such as a hologram to the plastic card.
  • the costs of manufacturing the plastic card are caused to further approach the value of paper money displayed on the card by inserting a display means and various types of authentication functions into a plastic material, thus canceling a pre-condition of forgery.
  • Paper money is of two types which are bank notes and bank checks.
  • In the case of bank checks, such electronic paper money is configured such that an amount of money is displayed on the display means and is subtracted or added only in banks, similar to the case where current bank checks are issued.
  • the electronic paper money is made of plastic material, and the durability thereof becomes semipermanent, so that the costs of reissuing current paper money, the average durability of which is about 18 months, can be reduced, and thus disadvantages of a high initial issue price can be overcome.
  • a dedicated reader may be configured to include a socket including a plurality of connection terminals capable of simultaneously connecting to the smart card COB (IC card COB), and the COB for flash memory and display means, thus individually exchanging respective pieces of information with the smart card COB and the COB for flash memory and display means.
  • the reader may generate an encryption table in which the location and number of bad blocks which are physical characteristics of flash memory are used as unique factors. Information requiring protection is encrypted using this encryption table, and the encrypted information can be decrypted thereby.
  • the reader may connect the flash memory to the personal computer of FIG. 4 through a USB, thus enabling the flash memory to be used as a typical large-capacity storage unit.
  • the reader may record or read information in or from the flash memory through the application program included in the present invention, or a general-purpose search program (for example, Windows Explorer).
  • the application program reads the unique information of a given smart card itself from the smart card COB (IC card COB) on the smart card (IC card).
  • the unique information may be the serial number of a given credit card, but is not necessarily limited to such a serial number in the present invention, and it is also possible to replace the unique information with any type of unique information distinguishable from other cards in addition to the serial number of the credit card.
  • the application program accesses a service server (for example, a credit card company server), capable of determining whether an incident has occurred, using the read unique information over the Internet in a wired or wireless manner, exchanges information about the occurrence of an incident with the service server, and transmits relevant information to the reader when a given card is a card for which an incident has not been reported.
  • the reader encrypts the relevant information using the encryption table which is generated using the characteristics of the bad blocks of the flash memory mounted in the smart card, and records the encrypted information.
  • the application program accesses a server, capable of determining whether an incident has occurred, over the Internet in a wired or wireless manner, and exchanges information about the occurrence of an incident with the server, similar to the case where information requiring protection is recorded.
  • the application program receives a command for permitting the reading of relevant information, generates a decryption table, decrypts the encrypted information, and transmits the decrypted information to the PC.
  • the reader may be implemented such that, when a card for which an incident was reported is inquired about, the stored encrypted information cannot be read, but the encrypted information can be read again after the situation of the incident has been terminated through the recovery of a lost card or the like. Further, the reader may be implemented such that, depending on the type of incident report (for example, loss, a theft, disposal, etc.), relevant information is completely deleted, or the current Internet access address (for example, IP address) or the like can be immediately and automatically reported.
  • a typical USB disc function may be added to the smart card through the provision of the dedicated reader. Further, the functioning of the smart card as a security disc, enabling only a user to record/read the relevant information, can also be predicted.
  • the credit card or the transportation card should not be easily lent to other persons regardless of time or place, and a user must pay great attention to preventing the occurrence of loss or theft, like money, by personally carrying the credit card or the transportation card.
  • according to the present invention, important data or expensive digital information, which requires security and which must not be read by persons other than the user, is blocked in real time using the information about the reported card, so that the relevant data is protected and, in addition, additional loss attributable to the exposure of the relevant data and the risks of an incident may be greatly reduced.
  • since the COB for flash memory and display means and the smart card COB (IC card COB) provided in the smart card do not form a complete electrical or magnetic connection to each other unless the dedicated reader is used, no influence is exerted on various situations, such as inquiry/payment transactions using an existing IC card reader. Accordingly, the present invention may be free of the problem of compatibility with a credit card or transportation card service terminal that may occur in the commercialization stage of the present invention.
  • the reader is first configured to purchase a product on the basis of product purchase information displayed on the screen of the reader, and to select one of a credit card, a certificate, and an OTP creator which are provided therein, thus paying for the product.
  • the reader is configured to receive through a separate means information about a store and an amount of money used and to transmit approval information to the payment device of the store through the wireless or mobile communication means of the reader without the taking out of the credit card.
  • a bank may process and provide information about purchase or convenient facilities suitable for the location of the user, thus allowing the user to become a client providing a higher royalty to the bank.
  • the flash memory is a memory device enabling data to be continuously stored therein even when power is removed, and is capable of freely storing/erasing data.
  • Such flash memory is classified into a NOR type and a NAND type according to the internal structure thereof.
  • the NOR flash memory has a structure in which cells are connected in parallel
  • the NAND flash memory has a structure in which cells are connected in series.
  • the NAND flash memory is mainly used for an SD card or a memory stick among various memory cards, and the NOR flash memory is mainly used for an MMC card or compact flash memory.
  • flash memory has characteristics that power consumption is low, and stored information is retained without being lost even when power is turned off. Further, flash memory is non-volatile memory to which power is continuously supplied, and is not only capable of retaining the stored information in an unchanged state even when power is shut off, unlike Dynamic Random Access Memory (DRAM), but also is capable of freely inputting or outputting information. Accordingly, flash memory is widely used in digital Televisions (TV), digital camcorders, mobile phones, digital cameras, Personal Digital Assistants (PDA), game playing devices, MP3 players, etc.
  • bad patterns (bad blocks, bad pages, bad bits, etc.) which are physical characteristics of a memory device, such as the flash memory provided in the smart card (for example, NAND flash memory or the like) are used as an encryption key
  • the rights of digital content stored in the flash memory can be protected, and thus the above problem of the content rights can be solved.
  • the physical characteristics of the flash memory may be the bad blocks, bad pages or bad bits.
  • the encryption table can be generated by using the location and number of bad pages or bad bits, as well as the bad blocks, as unique factors.
  • the construction of the file system is also characterized in that digital content is encrypted using a bad pattern DRM table (DRM encryption table) at the time of recording the digital content.
  • the physical block number '0' of the flash memory (hereinafter referred to as a 'zero block') is used by the manufacturing company thereof to guarantee that the block is not a bad block. Therefore, in the zero block, format-related information of a storage medium, a medium ID (card ID), etc. are stored.
  • the present invention can also be equally applied to a page (that is, a bad page) in which bad bits are present according to bad bit information.
  • a bad block DRM table may be used as a DRM encryption table
  • a bad page DRM table may be used as a DRM encryption table
  • the bad block DRM table and the bad page DRM table may be collectively called a 'bad pattern DRM table (DRM encryption table)'.
  • Such a card ID is composed of pieces of specific information (for example, card version, a DRM table select code, an area code, a manufacturing company code, a copyright holder ID [writer ID], and card serial number information) of a digital content storage medium (memory card) implemented as flash memory, as shown in FIG. 6.
  • the bad pattern extraction area of the flash memory may be either an entire block area of the flash memory or only a specific area.
  • the DRM encryption table (bad block DRM table) using the extracted bad patterns may be configured to have various sizes, such as 128 bytes, 256 bytes, or 512 bytes.
  • the term 'specific area' means that, for example, all the blocks of the flash memory can be divided by 2048 blocks and can be processed thereby. That is, as shown in FIG. 7, the bad pattern extraction area required for the configuration of the DRM encryption table (bad block DRM table) is determined in such a way that respective areas are set based on multiples of 2048 blocks in all the blocks of the flash memory, and an area meeting a specific criterion, among the areas, is determined to be a bad pattern extraction area required for the configuration of the DRM encryption table (bad block DRM table).
  • the term 'specific criterion' means a criterion required to determine whether a relevant area is an area suitable for the configuration of a 256-byte DRM encryption table (bad block DRM table). For example, when an area including more than a threshold number of (for example, 128) bad blocks is present, the relevant area is determined to be the bad pattern extraction area. However, when an area including more than 128 bad blocks is not present, an area including a maximum number of bad blocks, among the plurality of areas (areas set based on multiples of 2048 blocks), is the bad pattern extraction area required for the configuration of the DRM encryption table (bad block DRM table).
  • the bad pattern extraction area is determined on the basis of a bad block table generated while a memory card is formatted at the time of manufacturing a digital content storage medium (memory card).
  • the area code of the relevant area determined at that time is recorded in the DRM table select code field of the card ID of FIG. 6.
  • FIG. 8 is a flowchart showing an example of a bad block DRM table configuration method for digital rights management according to an embodiment of the present invention.
  • the flowchart shows a procedure for examining an area corresponding to the area code recorded in the DRM table select code field of the card ID, and configuring a bad block DRM table (DRM encryption table).
  • the procedure for configuring the bad block DRM table (DRM encryption table) is described below.
  • respective areas are set based on multiples of the number of blocks (for example, based on multiples of 2048 blocks).
  • a bad pattern extraction area meeting a specific criterion (for example, an area having more than a threshold number of [for example, 128] bad blocks, or an area having a maximum number of bad blocks) is determined on the basis of the bad block table.
  • the code value of the relevant area (area code) is recorded in the DRM table select code field of the card ID.
  • FIG. 9 illustrates a 256-byte bad block DRM table (DRM encryption table), generated on the basis of the bad block table of area 1 (block 0 ~ block 2047) having more than 128 bad blocks
  • FIG. 11 illustrates a 256-byte bad block DRM table (DRM encryption table), generated by attaching padding data to the bad block table (refer to FIG. 10) of area 2 (block 2048 ~ block 4095), having 128 or fewer bad blocks.
  • FIG. 9 illustrates a 256-byte bad block DRM table (DRM encryption table) generated on the basis of the bad block table corresponding to area 1 (block 0 ~ block 2047) having more than 128 bad blocks. That is, more than 128 real bad blocks are present in the area 1, so that the 256-byte bad block DRM table (DRM encryption table) is configured using only the addresses of the bad blocks. In this case, the padding operation of FIG. 11 is not required.
  • the bad block DRM table (DRM encryption table) is composed of 18 (36 byte) real bad block addresses and 110 (220 byte) pieces of padding data.
  • the bad block DRM table (DRM encryption table) is configured using the card serial number field (16 byte) of the card ID.
  • the 256-byte bad block DRM table (DRM encryption table) of FIG. 11 is configured using padding values obtained by sequentially performing an XOR operation on existing real bad block table values and a card serial number value.
  • the bad block DRM table (DRM encryption table) is composed of 36 bytes of real bad block addresses and 220 bytes of padding data (0x09, 0x10, 0x0B, 0x17, ...).
  • FIG. 10 illustrates a bad block table generated on the basis of 128 or fewer bad blocks (for example, 18 [36 bytes] real bad blocks) in area 2 (block 2048 ~ block 4095). That is, when only 18 bad blocks (36 byte) from 0x0812 to 0x0CFE are present in area 2, the bad block table corresponding thereto is exemplified.
  • the padding data (values obtained by sequentially performing an XOR operation on the bad block table values and the card serial number value) is attached to the bad block table (refer to FIG. 10) composed of 18 (36 byte) real bad block addresses, and thus the 256-byte bad block DRM table (DRM encryption table) is configured, as shown in FIG. 11.
  • the bad block DRM table (DRM encryption table) formed using the above-described method is a unique factor that is determined according to the physical characteristic, which a given storage medium (memory card implemented as a memory device) can have, and that is unique in all probability.
  • FIG. 12 is a flowchart showing an example of a method of recording digital content in the flash memory according to an embodiment of the present invention.
  • the flash memory (for example, NAND flash memory) is formatted to a low level at step 801, so that bit-based bad pages (pages including bad bits) or bit-based bad blocks (blocks including bad bits) are examined by writing 0xAA55, and the pages or blocks including bad bits are marked as bad pages or bad blocks at step 802. That is, blocks having bad bits according to bad bit information detected at the time of initialization (formatting) are marked as bad blocks, and pages having bad bits according to bad bits detected at the time of initialization are marked as bad pages.
  • the bad blocks are recorded in a bad block table at step 803.
  • the bad block table may be provided for each of areas into which all the blocks of the flash memory are divided by 2048 blocks.
  • an area satisfying a specific condition (criterion) is determined with reference to the recorded bad block table, and then the area code value of the relevant area is recorded in the DRM table select code field of the Card ID (page number 9 of the zero block) at step 804. For example, all the blocks of the flash memory are divided by 2048 blocks, and then respective areas are set.
  • an area satisfying the specific condition (criterion) is determined to be a bad pattern extraction area required for the configuration of the DRM encryption table (bad block DRM table), and thereafter the area code of the determined area is recorded in the DRM table select code field of the card ID.
  • the term 'criterion' means a criterion required to determine whether a given area is an area suitable for the configuration of a 256-byte DRM encryption table (bad block DRM table).
  • an area having more than a threshold number of (for example, 128) bad blocks, or an area having a maximum number of bad blocks, may be determined to be a bad pattern extraction area.
  • the determination of the bad pattern extraction area may be performed to assign priority for the determination of an area in such a way that whether an area having more than a threshold number of (for example, 128) bad blocks is present is determined, and an area having a maximum number of bad blocks, among the plurality of areas (areas set based on multiples of 2048 blocks), is determined to be the bad pattern extraction area if it is determined that the area is not present.
  • if the relevant area (examination target area [area corresponding to the area code]) does not include bad blocks sufficient to configure a 256-byte bad block DRM table (DRM encryption table) at step 805, a padding operation is performed, so that the 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 11] is generated at step 807. That is, the 256-byte bad block DRM table (DRM encryption table) is configured, as shown in FIG. 11, using padding values generated by sequentially performing an XOR operation on the real bad block table values and the card serial number value.
  • for the bad block table of area 2 of FIG. 10, which has 128 or fewer bad blocks, an XOR operation is sequentially performed on the real bad block table values and the card serial number value, thus generating a 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 11], in which padding data (values generated by sequentially performing an XOR operation on the bad block table values and the card serial number value [for example, '0x01020304050607080900010203040506']) is attached to the bad block table of area 2 (block 2048 ~ block 4095) (that is, in FIG. 10, a bad block table having 18 [36 byte] real bad block addresses).
  • the bad block DRM table (DRM encryption table) composed of 36 bytes of real bad block addresses and 220 bytes of padding data (0x09, 0x10, 0x0B, 0x17, ...) is configured.
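  • The area selection and padding rules described above, worked through in Python as an added example (not code from the patent or from any product). The sample bad block list is constructed around the values the description gives (18 bad blocks from 0x0812 to 0x0CFE in area 2, and the example card serial number); the 2-byte big-endian address layout, the area code being the area number, the use of the first 128 addresses when an area has more, and the way padding continues after the 36 real bytes are used up are assumptions.

```python
"""Bad block DRM table construction, following the description above.

Assumptions (not stated in the source): 2-byte big-endian block addresses,
the area code equals the area number, the first 128 addresses are used when
an area has more, and padding cycles over the real table bytes.
"""
import math

AREA_BLOCKS = 2048   # blocks per area
THRESHOLD = 128      # bad blocks that fill the table without padding
TABLE_BYTES = 256    # 128 addresses x 2 bytes

# Constructed sample: a 4096-block device. Area 2 holds 18 bad blocks from
# 0x0812 to 0x0CFE as in the description; the individual addresses are made up.
SAMPLE_BAD_BLOCKS = [
    0x0021, 0x01F4, 0x0333, 0x0510, 0x07A0,
    0x0812, 0x0813, 0x0840, 0x08A7, 0x0903, 0x095E,
    0x09B1, 0x0A0C, 0x0A6F, 0x0AD2, 0x0B15, 0x0B78,
    0x0BCB, 0x0C04, 0x0C3D, 0x0C90, 0x0CC9, 0x0CFE,
]
# Example card serial number value quoted in the description (16 bytes).
SAMPLE_SERIAL = bytes.fromhex("01020304050607080900010203040506")


def split_areas(bad_blocks, total_blocks):
    """Group bad block addresses by area number (area 1 = blocks 0..2047)."""
    count = math.ceil(total_blocks / AREA_BLOCKS)
    areas = {number: [] for number in range(1, count + 1)}
    for addr in sorted(set(bad_blocks)):
        # The zero block is guaranteed good and holds the card ID,
        # so it can never appear in a bad block table.
        if not 0 < addr < total_blocks:
            raise ValueError(f"invalid bad block address {addr:#06x}")
        areas[addr // AREA_BLOCKS + 1].append(addr)
    return areas


def select_area(areas):
    """Pick the extraction area: first one above the threshold, else the fullest."""
    for number in sorted(areas):
        if len(areas[number]) > THRESHOLD:
            return number
    return max(sorted(areas), key=lambda number: len(areas[number]))


def build_drm_table(area_bad_blocks, serial):
    """Return the 256-byte table for one area, padded with table XOR serial."""
    if len(serial) != 16:
        raise ValueError("card serial number field must be 16 bytes")
    if not area_bad_blocks:
        raise ValueError("area has no bad blocks, so nothing is card-specific")
    real = b"".join(a.to_bytes(2, "big") for a in area_bad_blocks[:THRESHOLD])
    table = bytearray(real)
    i = 0
    while len(table) < TABLE_BYTES:
        # Padding byte = real table byte XOR serial byte, taken in sequence.
        table.append(real[i % len(real)] ^ serial[i % len(serial)])
        i += 1
    return bytes(table)


def entropy_upper_bound_bits(bad_count):
    """log2 of the number of ways bad_count bad blocks can be placed in an area."""
    return math.log2(math.comb(AREA_BLOCKS, bad_count))


if __name__ == "__main__":
    areas = split_areas(SAMPLE_BAD_BLOCKS, 4096)
    code = select_area(areas)
    table = build_drm_table(areas[code], SAMPLE_SERIAL)
    real_len = 2 * len(areas[code])
    print("DRM table select code:", code)
    print("real bytes:", real_len, "padding bytes:", TABLE_BYTES - real_len)
    print("padding starts:", table[real_len:real_len + 4].hex(" "))
    print("entropy bound (bits):",
          round(entropy_upper_bound_bits(len(areas[code])), 1))
```

With the sample values the padding begins 0x09, 0x10, 0x0B, 0x17, matching the figures quoted in the description. The entropy bound shows what the padding does not change: a table built from 18 bad block positions and a serial number stored on the card carries at most about 145 bits of card-specific variation, whatever its 256-byte size.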
  • the 'flash memory' described in the present invention may mean the flash memory COB itself shown in FIG. 2.
  • FIG. 13 is a flowchart showing an example of an authentication process for digital content play according to an embodiment of the present invention.
  • digital content may be played by merely reading data from flash memory provided in the smart card using a reader.
  • when the reader connected to the flash memory is inserted into or connected to a digital content provision apparatus (a media player, a computer, etc.) at step 901, the digital content provision apparatus (a media player, a computer, etc.) reads the information of the card ID (page number 9 of zero block), and starts an authentication process at step 902.
  • in the DRM table select code field of the card ID, information about the code of an area (an area having more than a threshold number of bad blocks, or an area having a maximum number of bad blocks), in which bad patterns (bad blocks, bad pages, bad bits, etc.) desired to be used for a DRM decryption table (bad block DRM table) are present, is recorded, and thus the information of the card ID is determined at the time of playing media.
  • a 256-byte bad block DRM table (DRM decryption table) [refer to FIG. 9] composed of 128 real bad block addresses is configured on the basis of the bad block table of the area having more than 128 (256 byte) bad blocks.
  • whether blocks having real bad block addresses are real bad blocks in the bad block DRM table (DRM decryption table) of FIG. 11, composed of 36 bytes of real bad block addresses and 220 bytes of padding data (0x09, 0x10, 0x0B, 0x17, ...), is determined.
  • a procedure for determining whether blocks are real bad blocks is described below. For example, about 10 bad blocks are randomly selected from the real bad block table, and whether the selected bad blocks are real bad blocks is examined at step 906.
  • a Write Protect (WP) pin is disabled, and 0xAA55 and 0x55AA are written in the corresponding page of each real bad block, and thus whether the bad blocks are real bad blocks is determined at step 907.
  • If it is determined at step 907 that bad blocks are real bad blocks, a predetermined number of (about 10) real bad blocks are additionally examined using the same method at step 906. Similarly, for the additionally selected bad blocks, a procedure for disabling a WP pin and writing 0xAA55 and 0x55AA in the corresponding page of each real bad block is performed at step 907.
  • the bad block table of FIG. 10 is a bad block table having 18 (36 byte) real bad block addresses
  • the last bad block address is '0xFE'
  • the determination of real bad blocks is performed by examining bad blocks corresponding to a multiple of 14. If the number of bad blocks which are examination targets does not exceed 5, bad blocks from a first bad block are additionally included in the sequential examination targets, and thus the total number of examination target bad blocks is maintained at at least 5.
  • the above-described method of the present invention can be applied to various fields in consideration of the entire performance and other conditions of the system to which DRM is applied.
  • the method can be applied to an asymmetric encryption system.
  • a bad pattern DRM table (DRM encryption table) is generated using bad patterns.
  • a seed key is generated using a hash function that uses the bad pattern DRM table (DRM encryption table) as a transform parameter.
  • PKI Public Key Infrastructure
  • RSA Rivest-Shamir-Adleman
  • ECC Elliptic Curve Cryptography
  • a client may download content data, encrypted by a server using the public key, and may decrypt the encrypted content data using the private key extracted from the digital content data.
  • the reason for this is that, even if a digital content storage medium physically identical to the original is duplicated, the bad patterns (bad blocks, bad pages, bad bits, etc.) which are physical characteristics of a memory device (for example, NAND flash memory) constituting the storage medium are not duplicated.
  • the present invention can sufficiently protect the digital content of a copyright holder, unlike existing storage media such as CDs or DVDs, which are contradictory in that they are media capable of providing profit to the copyright holder of digital content and, simultaneously, media through which the copyright holder's digital content is endlessly duplicated, because they are exposed without limit to illegal duplication by typical users.
  • other examples of methods of preventing the copying and illegal duplication of the entirety of the flash memory may include an encryption/decryption method using different bad areas (blocks, pages, sub-pages, or locations) for respective flash memory devices.
  • an area in which the addresses of bad areas of memory used (blocks, pages, sub-pages, or locations) are recorded is set in a header data area in which the characteristics of a memory card (digital content storage medium) are recorded, rather than a data storage space, and the set area is recorded.
  • the addresses of the bad areas are combined with each other to extract encryption feature values (for example, encryption feature values based on a bad block DRM table [DRM encryption table]). Thereafter, original content data is encrypted using such encryption feature values, and thus the encrypted content data is recorded in the normal areas of the memory and not in the bad areas of the memory.
  • a play apparatus reads the addresses of the bad areas from the header data area, calculates encryption feature values (for example, encryption feature values based on the bad block DRM table [DRM encryption table]) used for the encryption of content data by combining the addresses of the bad areas with each other, and recovers original content data using the encryption feature values while sequentially reading data from the memory excepting the bad areas.
  • the encryption feature values are calculated through a combination of unique values, such as the addresses of different bad areas for respective memory devices used, so that perfect duplication is physically impossible unless the bad areas of the memory used for duplication and bad areas of the original memory are entirely identical to each other.
  • bad areas (blocks, pages, sub-pages or locations) of memory used are marked on defined locations of spare areas corresponding thereto as bad areas, and encryption feature values (for example, encryption feature values based on the bad block DRM table [DRM encryption table]) are extracted by combining the addresses of the bad areas. Thereafter, original content data is encrypted using the encryption feature values, and the encrypted content data is recorded in the normal areas of the memory and not in the bad areas of the memory.
  • the play apparatus reads the addresses of bad areas by examining the memory, calculates encryption feature values used for the encryption of content data by combining the addresses of the bad areas (for example, encryption feature values based on the bad block DRM table [DRM encryption table]), and recovers original content data using the encryption feature values while sequentially reading data from the memory excepting the bad areas.
  • since the encryption feature values are calculated by combining unique values, such as the addresses of different bad areas for respective memory devices, perfect duplication is physically impossible unless the bad areas of memory used for duplication and the bad areas of original memory are entirely identical to each other.
  • the bad areas (blocks, pages, sub-pages, and locations) of memory used are marked at defined locations of spare areas corresponding thereto as bad areas, and encryption feature values (for example, encryption feature values based on the bad block DRM table [DRM encryption table]) are extracted using specific values (for example, a serial number, etc.) recorded in the memory. Thereafter, original content data is encrypted using the encryption feature values, and encrypted content data is recorded in normal areas of the memory and not in the bad areas of the memory.
  • the play apparatus reads the specific values recorded in the memory, calculates encryption feature values (for example, encryption feature values based on the bad block DRM table [DRM encryption table]) used as specific values, and recovers original content data using the encryption feature values while sequentially reading data from the memory excepting the bad areas.
  • the encryption feature values are calculated through a combination of specific values recorded in the memory used, so that perfect duplication is physically impossible unless the bad areas of memory used for duplication and the bad areas of original memory are completely identical to each other.
  • the play apparatus determines whether bad areas are physically formed or are merely marked for duplication through a procedure of writing/reading data in/from the bad areas when the memory card is inserted. If it is determined that the bad areas are merely marked, the play apparatus classifies the memory card as an 'illegally duplicated memory card', and does not play recorded digital content data. As described above, the present invention determines the authenticity of bad areas, thus identifying an illegally duplicated memory card.
  • FIG. 14 is a diagram showing an example of the construction of a bad pattern DRM table configuration apparatus for digital rights management according to an embodiment of the present invention. For convenience of description, a description will be made on the basis of the operation of the apparatus for generating a bad block DRM table (DRM encryption table).
  • a bad pattern detection unit 101 sets areas based on multiples of the number of blocks (or bad pages) (for example, based on multiples of 2048 blocks) in all the blocks of the flash memory, and detects bad blocks (or bad pages) in each of the areas.
  • a real bad pattern examination unit 102 determines a bad pattern extraction area meeting a specific criterion (for example, an area having more than a threshold number of bad blocks [or bad pages], or an area having a maximum number of bad blocks [or bad pages]), and records the code value (area code) of the relevant area in the DRM table select code field of the card ID.
  • the area code value, recorded in the DRM table select code field of the card ID is the area code of the bad pattern extraction area meeting the specific condition among the areas obtained by dividing all the blocks of the flash memory by 2048 blocks.
  • the specific condition is, for example, a criterion required to determine whether a specific area is an area suitable for the configuration of a bad block (or bad page) DRM table (DRM encryption table). According to such a specific condition, an area having more than a threshold number of (for example, 128) bad blocks (or bad pages), or an area having a maximum number of bad blocks (or bad pages), can be determined to be the bad pattern extraction area.
  • a bad pattern table configuration unit 103 records the addresses of bad blocks (or bad pages) of the area corresponding to the area code, recorded in the DRM table select code field of the card ID, in the bad block (or bad page) table.
  • a bad pattern DRM table calculation unit 104 examines the area corresponding to the area code recorded in the DRM table select code field of the card ID. That is, whether the area corresponding to the area code has bad blocks (or bad pages) sufficient to configure a bad block (or bad page) DRM table (DRM encryption table) is examined.
  • a bad pattern DRM table generation unit 105 configures a bad block (or bad page) DRM table (DRM encryption table) on the basis of the bad pattern table (bad block table or bad page table) of the area corresponding to the area code recorded in the DRM table select code field of the card ID.
  • a 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 9] composed of 128 real bad block addresses is configured on the basis of the bad block table of the area (for example, area 1 having block 0 ~ block 2047) having more than 128 (256 byte) bad blocks.
  • a 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 11] is generated by performing a padding operation.
  • the bad block DRM table (DRM encryption table) of FIG. 11 is configured using 18 (36 byte) real bad block addresses and 110 (220 byte) pieces of padding data.
  • a 256-byte bad block DRM table (DRM encryption table) can be configured, as shown in FIG. 11, using padding values, generated by sequentially performing an XOR operation on real bad block table values and a card serial number value.
  • FIG. 15 is a diagram showing an example of the construction of a digital content recording apparatus according to an embodiment of the present invention.
  • a bad pattern examination and marking unit 111 formats the flash memory (for example, NAND flash memory) of a storage medium (memory card implemented using a memory device) to a low level, examines bit-based bad pages (pages having bad bits) or bit-based bad blocks (blocks having bad bits) by writing 0xAA55, and marks pages or blocks having bad bits as bad pages or bad blocks.
  • a bad pattern area selection unit 112 formats the flash memory to a low level, and determines an area meeting a specific condition (criterion) with reference to a recorded bad block (or bad page) table.
  • a media information recording unit 113 records the area code of the area in the DRM table select code field of the card ID (page number 9 of zero block).
  • all the blocks of the flash memory are divided by 2048 blocks, and thus respective areas are set.
  • an area meeting a specific condition (criterion) is determined to be a bad pattern extraction area required for the configuration of a bad block (or bad page) DRM table (DRM encryption table).
  • the area code of the determined area is recorded in the DRM table select code field of the card ID.
  • the term 'specific condition (criterion)' means a criterion required to determine whether a specific area is an area suitable for the configuration of a bad block (or bad page) DRM table (DRM encryption table). For example, an area having more than a threshold number of (for example, 128) bad blocks (or bad pages), or an area having a maximum number of bad blocks (or bad pages) can be determined to be a bad pattern extraction area.
  • the determination of the bad pattern extraction area may be performed by determining whether an area having more than a threshold number of (for example, 128) bad blocks (or bad pages) is present, and by determining an area, having a maximum number of bad blocks (or bad pages) among the plurality of areas (areas set based on multiples of 2048 blocks), to be the bad pattern extraction area if it is determined that the relevant area is not present.
  • a bad pattern DRM table generation unit 114 configures a bad block (or bad page) DRM table (DRM encryption table) on the basis of the bad pattern table (bad block table or bad page table) of the area corresponding to the area code recorded in the DRM table select code field of the card ID.
  • a 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 9] composed of 128 real bad block addresses is configured on the basis of the bad block table of the area (for example, area 1 having block 0 ~ block 2047) having more than 128 (256 bytes) bad blocks.
  • a 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 11] is configured by performing a padding operation.
  • a content encryption recording unit 115 records digital content in the memory device (for example, NAND flash memory) by utilizing the bad pattern DRM table (DRM encryption table), generated by the bad pattern DRM table generation unit 114, as an encryption key.
  • FIG. 16 is a diagram showing an example of the construction of a digital content play apparatus according to an embodiment of the present invention.
  • a media information collection unit 121 reads information about a card ID (page number 9 of zero block).
  • the area code information of the area having bad patterns (bad blocks, bad pages, bad bits, etc.) (area having more than a threshold number of bad blocks [or bad pages], or an area having a maximum number of bad blocks [or bad pages]), desired to be used for a bad pattern DRM table (DRM decryption table) is recorded, and thus information of the card ID is collected at the time of playing media.
  • a bad pattern DRM table generation unit 122 configures a bad block (or bad page) DRM table (DRM decryption table) on the basis of the bad pattern table (bad block table or bad page table) of the area corresponding to the DRM table select code field of the card ID.
  • the bad pattern DRM table generation unit 122 configures a 256-byte bad block DRM table (DRM decryption table) [refer to FIG. 9] composed of 128 real bad block addresses on the basis of the bad block table of the area having more than 128 (256 byte) bad blocks.
  • the bad pattern DRM table generation unit 122 configures a 256-byte bad block DRM table (DRM decryption table) by performing a padding operation (refer to FIG. 11).
  • the 256-byte bad block DRM table (DRM decryption table) of FIG. 11 is configured using padding values generated by sequentially performing an XOR operation on the real bad block table values and the card serial number value.
  • a media authentication unit 123 determines whether blocks (or pages) corresponding to the real bad block (or bad page) table values, rather than padding values, in the bad block (or bad page) DRM table (DRM decryption table) generated by the bad pattern DRM table generation unit 122, are real bad blocks (or bad pages).
  • the media authentication unit 123 determines whether blocks having real bad block addresses in the bad block DRM table (DRM decryption table) of FIG. 11, composed of 36 bytes of real bad block addresses and 220 bytes of padding data (0x09, 0x10, 0x0B, 0x17, ...), are real bad blocks.
  • a Write Protect (WP) pin is disabled, and 0xAA55 and 0x55AA are written in the corresponding page of each real bad block (or bad page), so that whether the blocks are real bad blocks (or bad pages) is determined.
  • a content decryption and play unit 124 permits the use of digital content media (play or read) on the basis of the results of the authentication performed by the media authentication unit 123. That is, when the authentication of the use of media has succeeded, the content decryption and play unit 124 transmits digital content data to a user while decrypting the digital content data using the generated bad block (or bad page) DRM table (DRM decryption table). Further, when the authentication of the use of the media has failed, the content decryption and play unit 124 notifies the user of the failure of the authentication, thus requesting the user to check the digital content storage medium.
  • FIG. 17 is a diagram showing an example of the construction of a key generation apparatus for an asymmetric encryption system to which the present invention is applied.
  • a bad pattern detection unit 131 sets areas based on multiples of the number of blocks (or pages) (for example, based on multiples of 2048 blocks) in all the blocks (or bad pages) of the flash memory, and detects bad blocks (or bad pages) from each of the areas.
  • a bad pattern DRM table generation unit 132 configures a bad block (or bad page) DRM table (DRM encryption table) on the basis of the bad pattern table (bad block table or bad page table) of the area corresponding to the DRM table select code of the card ID.
  • a 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 9] composed of 128 real bad block addresses is configured on the basis of the bad block table of the area having more than 128 (256 byte) bad blocks.
  • a 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 11] is configured by performing a padding operation.
  • the 256-byte bad block DRM table (DRM encryption table) of FIG. 11 is configured using padding values generated by sequentially performing an XOR operation on real bad block table values and a card serial number value.
  • a media authentication unit 133 determines whether blocks (or pages) corresponding to the real bad block (or bad page) table values, rather than padding values, in the bad block (or bad page) DRM table (DRM encryption table) generated by the bad pattern DRM table generation unit 132, are real bad blocks (or bad pages).
  • the media authentication unit 133 determines whether blocks having real bad block addresses are real bad blocks in the bad block DRM table (DRM encryption table) of FIG. 11 composed of 36 bytes of real bad block addresses and 220 bytes of padding data (0x09, 0x10, 0x0B, 0x17, ...).
  • a Write Protect (WP) pin is disabled, and 0xAA55 and 0x55AA are written in the corresponding page of each real bad block (or bad page), so that whether the blocks are real bad blocks (or bad pages) is determined.
  • a seed key generation unit 134 generates a seed key through a Hash function which uses a bad pattern DRM table (DRM encryption table) as a transform factor.
  • An asymmetric encryption key generation unit 135 generates a public key and a private key through a PKI algorithm (RSA, ECC, etc.) using the seed key generated by the seed key generation unit 134.
  • the public key may be used to encrypt digital content data, and the private key may be used to decrypt digital content data.
  • the above-described method of the present invention may be implemented in the form of a program and may be stored in recording media (Compact Disc (CD)-Read Only Memory (ROM), Random Access Memory (RAM), ROM, a floppy disc, a hard disc, a magneto-optical disc, etc.) in a computer-readable form.
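
The area selection, table configuration, media authentication and seed-key steps described above for FIGS. 14 to 17, as an added example that is not code from the patent. The `SimNand` class and its stuck-bit defect model, the 16-bit big-endian address encoding, the exact XOR padding order and the choice of SHA-256 as the hash are assumptions; the text above does not specify them.

```python
import hashlib

AREA_BLOCKS = 2048             # blocks per area (from the text)
TABLE_BYTES = 256              # DRM table size (from the text)
MAX_ADDRS = TABLE_BYTES // 2   # 128 two-byte real bad block addresses
THRESHOLD = 128                # example threshold from the text
TEST_PATTERNS = (0xAA55, 0x55AA)


class SimNand:
    """Constructed stand-in for a NAND device; not a real driver API."""

    def __init__(self, total_blocks, physical_bad, marked_bad=None):
        self.total_blocks = total_blocks
        self.physical_bad = set(physical_bad)
        # Spare-area bad marks. On a genuine card they match the defects.
        self.marked_bad = set(physical_bad if marked_bad is None else marked_bad)

    def write_read(self, block, pattern):
        """Write a 16-bit pattern to the block and return what reads back."""
        if block in self.physical_bad:
            return pattern & 0xFF0F   # assumed defect model: bits 4-7 stuck at 0
        return pattern


def select_area(nand):
    """Area code: first area with more than THRESHOLD bad blocks, else the maximum."""
    n_areas = (nand.total_blocks + AREA_BLOCKS - 1) // AREA_BLOCKS
    counts = [0] * n_areas
    for block in nand.marked_bad:
        counts[block // AREA_BLOCKS] += 1
    for code, count in enumerate(counts):
        if count > THRESHOLD:
            return code
    return max(range(n_areas), key=lambda code: counts[code])


def build_drm_table(nand, area_code, serial):
    """Return (256-byte table, real bad block addresses) for the selected area."""
    lo = area_code * AREA_BLOCKS
    addrs = sorted(b for b in nand.marked_bad if lo <= b < lo + AREA_BLOCKS)
    addrs = addrs[:MAX_ADDRS]
    if not addrs:
        raise ValueError("selected area has no bad blocks")
    # Assumption: each address is stored as 2 bytes, big-endian (< 65536 blocks).
    real = b"".join(a.to_bytes(2, "big") for a in addrs)
    # Assumption: padding byte i = real[i mod len] XOR serial[i mod len].
    pad = bytes(real[i % len(real)] ^ serial[i % len(serial)]
                for i in range(TABLE_BYTES - len(real)))
    return real + pad, addrs


def authenticate(nand, addrs):
    """True only if every listed block really fails a write/read test."""
    for block in addrs:
        if all(nand.write_read(block, p) == p for p in TEST_PATTERNS):
            return False   # stores data correctly: merely marked, not really bad
    return True


def seed_key(table):
    """Seed key as a hash of the DRM table (SHA-256 is an assumption)."""
    return hashlib.sha256(table).digest()


def check_card(nand, serial):
    """Play-side flow: rebuild the table, authenticate, then derive the key.

    Simplification: the area code is recomputed here instead of being read
    from the DRM table select code field of the card ID.
    """
    table, addrs = build_drm_table(nand, select_area(nand), serial)
    if not authenticate(nand, addrs):
        return None        # treated as an illegally duplicated memory card
    return seed_key(table)


# Constructed sample data: 18 bad blocks in area 1, a few elsewhere.
SERIAL = bytes.fromhex("0102030405060708")
ORIG_BAD = [2048 + 37 * i for i in range(18)] + [5, 4100, 7000]
original = SimNand(8192, ORIG_BAD)
# The clone has its own physical defects but copies the original's bad marks.
clone = SimNand(8192, physical_bad=[11, 3000, 6001], marked_bad=ORIG_BAD)

if __name__ == "__main__":
    for name, card in (("original", original), ("clone", clone)):
        key = check_card(card, SERIAL)
        print(name, "rejected" if key is None else key.hex())
```

The clone rebuilds the same table and would derive the same seed key, because the spare-area marks and the serial number can be copied; only the write/read test on the listed blocks separates it from the original.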

Abstract

According to the present invention, a card includes a magnetic card track and smart card COB for performing at least one of functions of a bank card, a stock exchange card, a transportation card, a point card and a membership card, and a flash memory COB for storing digital information. The magnetic card track, the smart card COB and the flash memory COB are separated and mounted in a single card, which is provided with display means, thus functioning as electronic money.

Description

CARD HAVING FLASH MEMORY AND DISPLAY, READER OF READING THE CARD, PAYING METHOD USING THE READER AND CARD, ART CARD AND DISPLAY USING THE ART CARD

Technical Field

[1] The present invention relates, in general, to a smart card having flash memory and display means, a reader for the smart card, and a Digital Rights Management (DRM) method using the smart card and the reader, and, more particularly, to a smart card having flash memory and display means, a reader capable of either recording digital information in the flash memory included in the smart card, or reading recorded information from the flash memory, a DRM method using an application program that is executed in a personal computer functioning to record or read information while mutually exchanging information with the reader depending on the manipulation of a user, and an electronic commerce method of reading information from the smart card using the reader and connecting information of the smart card to the Internet.
[2] That is, the present invention relates to a method in which large-capacity flash memory and a display means, as well as a smart card Integrated Circuit (IC), are provided in a typically used smart card, so that a smart card can function both as a single credit card and as a medium capable of storing various types of digital information and displaying the information through the display means, and so that digital information stored in the flash memory is protected using the unique information of the smart card, and relates to an electronic commerce method in which a reader reads the information from the smart card and connects the read information to the Internet.

Background Art

[3] Generally, a smart card stores therein information about authentication, a credit card, a payment account, etc., thus being usable as a transportation card, a credit card, a check card, a One Time Password (OTP) generator using a display means, etc. In addition, a smart card may be used for typical banking operations such as account inquiries, account transfers, and bank withdrawals.
[4] Meanwhile, the functionality of portable devices, such as an MPEG Audio Layer-3 (MP3) player, a Portable Multimedia Player (PMP), and a digital camera, has gradually diversified and increased, and the storage capacity of portable devices has also increased to enable the storage of various types of content.
[5] For example, when a video capturing function is performed using a digital camera, a larger storage capacity is required to capture video, compared to the capturing of still images.
[6] A structure in which a large-capacity storage space required for such an additional functionality is included in all portable devices may cause problems in that it not only becomes a cause of increasing the costs of devices, but also forces a user who does not need such an additional functionality to purchase the devices after paying unnecessary costs.
[7] In order to solve these problems, manufacturing companies which manufacture portable devices such as an MP3 player, a PMP, and a digital camera intend to fix the size of memory provided in each device to a predetermined size, to mount a separate memory card in the device, and to extend the size of the memory at the request of a user.
[8] However, as portable devices get diversified and various types of memory cards are applied to the portable devices, a user having various portable devices undergoes inconvenience in that he or she must individually prepare various types of memory cards (for example, a Secure Digital [SD] memory card, a Smart Media Card [SMC], a Multimedia Card [MMC], a memory stick, a Universal Serial Bus [USB] disc, etc.).
[9] Further, there are problems in that, when such a memory card is lost or stolen, information contained in the memory card is exposed to the person who has acquired the memory card, so that important personal or secret information may be easily exposed, thus resulting in considerable secondary damage, and allowing content, purchased by paying the costs, to be easily used by the person who acquired the memory card without paying the costs.
[10] In addition, there is a problem in that, since personal information is not recorded in a memory card unless it is specially recorded in the memory card, the person who has acquired the memory card cannot easily return the memory card to the owner who lost the memory card even if the person intends to return the memory card.
[11] Meanwhile, although Internet banking/stock exchange and Internet Electronic Commerce (EC) have been universalized with the popularization of computers, the amount of money usable for financial transactions is limited in spite of the use of certificates due to worries about hacking or the like. Such an EC method is problematic in that, even if there are several payment service institutions, several steps of procedures are required to pay an amount of money above three hundred thousand Won. Accordingly, there is a need to overcome such problems by transferring a certificate stored in a memory means to payment institutions by way of computers according to the present invention.

Disclosure of Invention

Technical Problem

[12] Accordingly, the present invention has been made keeping in mind the above problems occurring in the prior art, and an object of the present invention is to provide a smart card having flash memory and display means, in which the flash memory and the display means are included in an existing smart card and which is configured to provide storage space for digital information as well as the function of the smart card itself, to encrypt information to be protected using the unique information of the smart card (for example, a card serial number) and to store the encrypted information, so that a smart card function, a memory card function for information protection, and an OTP inquiry and multimedia display function using the display means can be implemented together in a single card, and to provide a reader for the smart card, a digital rights management method using the smart card and the reader, and an electronic commerce method of allowing the reader to read information from the smart card and connect the read information to the Internet.

Technical Solution

[13] In order to accomplish the above object, the present invention includes a smart card Chip On Board (COB), which is provided in a smart card and is provided with a predetermined Integrated Circuit (IC) chip and eight contact points based on ISO7816 standards, and a COB for flash memory, display means, battery, and central processing means, which is electrically isolated from the smart card COB, is provided in the smart card and is provided with a plurality of input/output terminals.
[14] Further, the flash memory is implemented using NAND-type flash memory.
[15] Further, a reader to accomplish the above object is configured to have a plurality of electrical contact points so as to exchange information with the smart card COB and the COB for flash memory, display means, battery and central processing means, and is connected to a Personal Computer (PC) through a USB.
[16] Further, the reader is mounted in the PC and is configured to separate information requiring protection and information not requiring protection and to separately record or read the information depending on the manipulation of a user. When the reading of information requiring protection is necessary, the reader accesses a server of a credit card company connected thereto via the Internet and is operated in connection with an application program for inquiring whether a credit card incident has occurred and approving or denying the reading of information or in connection with an application program for receiving a password through a USB.
[17] Further, when information requiring protection is recorded by the application program, encryption based on the physical characteristics of bad blocks of the flash memory is performed, so that the information requiring protection is encrypted and is then stored.
[18] Further, the reader decrypts the stored encrypted information into the original information at the time of reading the stored, encrypted information in compliance with the instructions of the application program.
[19] Meanwhile, in order to perform Digital Rights Management (DRM) on digital content stored in the flash memory, the reader may perform the steps of examining unit area-based bad patterns of the flash memory, and determining a bad pattern extraction area; recording a code value of the determined bad pattern extraction area in a table select code field of a card ID; and examining an area corresponding to the area code recorded in the table select code field, and configuring a bad pattern DRM table on the basis of a bad pattern table.
[20] Further, in order to perform DRM on the digital content stored in the flash memory, the reader may perform the steps of extracting physical characteristics of the flash memory; and generating an encryption key using the extracted physical characteristics.
[21] Meanwhile, at the time of recording digital content in the flash memory, the reader may perform the steps of examining unit area-based bad patterns of the flash memory, and determining a bad pattern extraction area; recording a code value of the determined bad pattern extraction area in a table select code field of a card ID; examining an area corresponding to the area code recorded in the table select code field, and configuring a bad pattern DRM table on the basis of a bad pattern table; and recording the digital content in the flash memory by using the bad pattern DRM table as an encryption key.
[22] Further, at the time of recording digital content in the flash memory, the reader may perform the steps of extracting physical characteristics of the flash memory; generating an encryption key using the physical characteristics; and recording digital content in the flash memory using the generated encryption key.
[23] Further, at the time of recording digital content in the flash memory, the reader may perform the steps of setting an area in which addresses of bad areas of the memory used are recorded and recording the area in a header data area, in which the characteristics of a memory card are recorded, rather than a data storage space, and of recording the addresses; and extracting encryption feature values by combining the addresses of the bad areas, encrypting original content data using the encryption feature values, and recording the content data in normal areas of memory and not in the bad areas.
[24] Further, at the time of recording digital content in the flash memory, the reader may perform the steps of marking bad areas of the memory used, at defined locations of corresponding spare areas, as bad areas, and extracting encryption feature values by combining addresses of the bad areas; and encrypting original content data using the encryption feature values and recording the content data in normal areas of the memory and not in the bad areas.
[25] Further, at the time of recording digital content in the flash memory, the reader may perform the steps of marking bad areas of memory used, at defined locations of corresponding spare areas, as bad areas, and extracting encryption feature values using specific values recorded in the memory; and encrypting original content data using the encryption feature values and recording encrypted content data in normal areas of the memory and not in bad areas.
[26] Meanwhile, in the reader, a code value of the bad pattern extraction area is recorded in the table select code field of the card ID, and digital content is recorded by using a 'DRM encryption table configured on the basis of a bad pattern table by examining an area corresponding to the area code recorded in the table select code field' as an encryption key.
[27] Meanwhile, in a method of playing digital content stored in the flash memory, the reader may perform the steps of examining an area corresponding to an area code recorded in a table select code field of a card ID and configuring a bad pattern DRM table on the basis of a bad pattern table; examining whether patterns having real bad pattern addresses in the bad pattern DRM table are real bad patterns; and playing digital content by using the bad pattern DRM table as a decryption key on the basis of the results of examination.
[28] Further, according to the present invention to accomplish the above object, in a method of playing digital content stored in the flash memory, the reader may perform the steps of extracting physical characteristics of the flash memory; generating a decryption key using the extracted physical characteristics; and playing digital content using the generated decryption key.
[29] Further, the present invention to accomplish the above object provides a method of playing digital content stored in the flash memory, comprising the reader reading addresses of bad areas from a header data area, and combining the addresses of the bad areas, thus calculating encryption feature values used for encryption of content data; and the reader recovering original content data using the encryption feature values while sequentially reading content data from memory excepting the bad areas, wherein the encryption feature values are calculated by combining unique values, such as addresses of different bad areas for respective memory devices used, and thus it is physically impossible to perform perfect duplication unless bad areas of memory used for duplication are entirely identical to those of original memory.
[30] Further, the present invention to accomplish the above object provides a method of playing digital content stored in the flash memory, comprising the reader examining memory, reading addresses of bad areas from the memory, and calculating encryption feature values used for encryption of content data by combining the addresses of the bad areas with each other; and the reader recovering original content data using the encryption feature values while sequentially reading data from the memory excepting the bad areas, wherein the encryption feature values are calculated by combining unique values, such as addresses of different bad areas for respective memory devices used, and thus it is physically impossible to perform complete duplication unless bad areas of memory used for duplication are entirely identical to those of original memory.
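The recording and playback steps in [23], [27], [29] and [30], as an added example that is not code from the patent: a simulated flash chip, a 256-byte bad-pattern table built from one 2048-block area, and the playback check that the addresses listed in the header are really bad on the chip being read. The padding value, the "most bad blocks" area choice, the 16-bit offset encoding and the SHAKE-256 XOR stream (a stand-in cipher) are assumptions; the text here does not specify them.

```python
import hashlib

AREA_BLOCKS = 2048    # blocks per area, as in the FIG. 7 description
TABLE_ENTRIES = 128   # 128 two-byte entries give the 256-byte table
PAD_ENTRY = 0xFFFF    # assumed padding value; the text only says "padding data"


class CloneDetected(Exception):
    """Header lists a bad block that is good on the chip being read."""


class Nand:
    """Constructed stand-in for a flash chip (not a real device API)."""

    def __init__(self, total_blocks, bad_blocks):
        self.total_blocks = total_blocks
        self.bad = frozenset(bad_blocks)  # physical defects: not copyable
        self.header = {}                  # card ID / header data area: copyable
        self.data = {}                    # block number -> stored bytes

    def is_bad(self, block):
        return block in self.bad


def scan_area(nand, area):
    """Probe every block of one area and return the bad block addresses."""
    start = area * AREA_BLOCKS
    end = min(start + AREA_BLOCKS, nand.total_blocks)
    return [b for b in range(start, end) if nand.is_bad(b)]


def choose_area(nand):
    """Pick the extraction area; 'most bad blocks' is an assumed criterion."""
    areas = range(nand.total_blocks // AREA_BLOCKS)
    return max(areas, key=lambda a: len(scan_area(nand, a)))


def build_drm_table(area, bad_addrs):
    """Encode bad block offsets as big-endian 16-bit values, padded to 256 bytes."""
    offsets = [b - area * AREA_BLOCKS for b in sorted(bad_addrs)][:TABLE_ENTRIES]
    offsets += [PAD_ENTRY] * (TABLE_ENTRIES - len(offsets))
    return b"".join(o.to_bytes(2, "big") for o in offsets)


def xor_stream(table, data):
    """Stand-in cipher: XOR with a SHAKE-256 stream derived from the table."""
    stream = hashlib.shake_256(b"bad-pattern-drm" + table).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, stream))


def record(nand, content, chunk=16):
    """Recording side: write header fields, encrypt, store in good blocks only."""
    area = choose_area(nand)
    bad = scan_area(nand, area)
    nand.header = {"table_select_code": area, "bad_addrs": bad}
    ct = xor_stream(build_drm_table(area, bad), content)
    chunks = [ct[i:i + chunk] for i in range(0, len(ct), chunk)]
    good = (b for b in range(nand.total_blocks) if not nand.is_bad(b))
    nand.data = dict(zip(good, chunks))


def play(nand):
    """Playback side: verify the listed addresses on the chip, then decrypt."""
    area = nand.header["table_select_code"]
    listed = nand.header["bad_addrs"]
    for block in listed:
        if not nand.is_bad(block):
            raise CloneDetected(f"block {block} is listed as bad but tests good")
    ct = b"".join(nand.data[b] for b in sorted(nand.data))
    return xor_stream(build_drm_table(area, listed), ct)


def copy_image(src, dst):
    """Bit-for-bit copy of header and data: the duplication case in [29]."""
    dst.header = dict(src.header)
    dst.data = dict(src.data)


def demo():
    content = b"constructed sample content: track 01"
    original = Nand(4096, {5, 77, 300, 2050, 2100, 2200, 3000, 4000})
    other_chip = Nand(4096, {9, 2051, 2500})  # constructed: different defects
    record(original, content)
    copy_image(original, other_chip)
    try:
        play(other_chip)
        copy_rejected = False
    except CloneDetected:
        copy_rejected = True
    # A reader that rescans the chip instead of trusting the header ([30])
    # derives a different table on the other chip, so decryption fails too.
    area = original.header["table_select_code"]
    rescanned = build_drm_table(area, scan_area(other_chip, area))
    ct = b"".join(other_chip.data[b] for b in sorted(other_chip.data))
    return play(original) == content, copy_rejected, xor_stream(rescanned, ct) == content


if __name__ == "__main__":
    print(demo())  # (original plays, copy rejected, rescan decrypts)
```

The header check is what ties the content to the chip: the address list is ordinary data that copies along with the image, while the defects it names do not.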
[31] Further, the present invention to accomplish the above object provides a method of playing digital content stored in the flash memory, comprising the steps of the reader examining memory, reading specific values recorded in the memory, and calculating encryption feature values used for encryption using the specific values; and the reader recovering original content data using the encryption feature values while sequentially reading data from the memory excepting the bad areas, wherein the encryption feature values are calculated by combining specific values recorded in the memory used, and thus it is physically impossible to perform perfect duplication unless bad areas of memory used for duplication are entirely identical to those of the original memory.
[32] Meanwhile, the present invention to accomplish the above object provides a computer-readable recording medium for recording, in a DRM apparatus having a processor, a program for implementing a function of examining unit area-based bad patterns of flash memory and determining a bad pattern extraction area; a function of recording a code value of the determined bad pattern extraction area in a table select code field of a card ID; and a function of examining an area corresponding to the area code recorded in the table select code field and configuring a bad pattern DRM table on the basis of a bad pattern table.
[33] Further, the present invention provides a computer-readable recording medium for recording, in a DRM apparatus having a processor, a program for implementing a function of extracting physical characteristics of flash memory; and a function of generating an encryption key using the extracted physical characteristics.
[34] Meanwhile, the present invention provides a computer-readable recording medium for recording, in a digital content recording apparatus having a processor, a program for implementing a function of examining unit area-based bad patterns of a memory device constituting flash memory and determining a bad pattern extraction area; a function of recording a code value of the determined bad pattern extraction area in a table select code field of a card ID; a function of examining an area corresponding to the area code recorded in the table select code field and configuring a bad pattern DRM table on the basis of a bad pattern table; and a function of recording content data in the flash memory by using the bad pattern DRM table as an encryption key.
[35] Further, the present invention provides a computer-readable recording medium for recording, in a digital content recording apparatus having a processor, a program for implementing a function of extracting physical characteristics of flash memory; a function of generating an encryption key using the physical characteristics of the flash memory; and a function of recording digital content in the flash memory using the generated encryption key.
[36] Meanwhile, the present invention provides a computer-readable recording medium for recording, in a digital content play apparatus having a processor, a program for implementing a function of examining an area corresponding to an area code recorded in a table select code field of a card ID and configuring a bad pattern DRM table on the basis of a bad pattern table; a function of examining whether patterns having real bad pattern addresses in the bad pattern DRM table are real bad patterns; and a function of playing digital content by using the bad pattern DRM table as a decryption key on the basis of the results of examination.
[37] Further, the present invention provides a computer-readable recording medium for recording, in a digital content play apparatus having a processor, a program for implementing a function of extracting physical characteristics of flash memory; a function of generating a decryption key using the extracted physical characteristics; and a function of playing digital content using the generated decryption key.
[38] Further, the present invention provides a reader, plastic electronic money, and a payment method therefor, which are characterized in that, when plastic electronic money (in the form of a credit card provided with an IC), on which a payment amount can be recorded, is inserted into the reader, and the reader accesses the Internet through a computer, or when a payment amount is input on the basis of product purchase details and electronic commerce details on the screen of the reader in the case where the reader is separately provided with wireless (Bluetooth, wireless LAN, etc.) and mobile communication means (mobile communication, WiBro, etc.), a user can record approval information about the input payment amount in the inserted plastic electronic money and transfer the payment amount to a designated account through the reader of another user in such a way that the reader receives the payment amount approval data from a center for managing the plastic electronic money and records the payment amount approval data on the plastic electronic money inserted into the reader, and that, when the plastic electronic money, the recording of which has been terminated, is taken out of the reader and is inserted into the reader of another user, the payment amount approval data is uploaded onto the center for managing the plastic electronic money and is accumulated in a designated account, and thereafter the payment amount approval data of the plastic electronic money is deleted, and the plastic electronic money is returned to the user. 
[39] Further, the present invention provides plastic electronic money having a form similar to that of a credit card, wherein the plastic electronic money is configured to have an authentication means, such as a smart card (IC card) used to determine whether electronic money has been forged, a memory means for storing information about an amount of money and transaction information, a display means (for example, e-ink or electronic paper) for maintaining final display content even when power is removed, a disposable battery (or a rechargeable battery) and a central processing unit, and is configured to display a preset amount of money (the denomination of bank notes, for example: ten thousand Won or fifty thousand Won) on the display means, to differently form designs and colors on a plastic printed surface so as to distinguish respective bank notes of different amounts of money, and to provide various types of means, such as a hologram required for the prevention of the forgery of a plastic card, so that the costs of manufacturing the plastic electronic money are higher than those of paper money to approach the preset amount of money, thus preventing the forgery of plastic electronic money and enabling the plastic electronic money to be semipermanently used so as to compensate for increasing manufacturing costs.
[40] Further, the present invention provides plastic electronic money, which has a format similar to that of a credit card and enables an amount of money to be input by a financial institution, like bank checks rather than bank notes, wherein the plastic electronic money is configured to include an authentication means such as a smart card (IC card) used to determine whether electronic money has been forged, a memory means for storing information about an amount of money and transaction information, a display means (for example, e-ink or electronic paper) for maintaining final display content even when power is removed, a disposable battery (or a rechargeable battery) and a central processing unit, and is configured to display a preset amount of money input by a financial institution (like bank checks) on the display means, to differently set designs and colors on a plastic printed surface so as to distinguish respective bank notes of different amounts of money, and to provide various types of means, such as a hologram required for the prevention of the forgery of a plastic card, thus enabling the plastic electronic money to be semi-permanently used so as to compensate for increasing manufacturing costs.
[41] Further, the present invention provides plastic electronic money, which has a format similar to that of a credit card and enables an amount of money to be input by a financial institution, like bank checks, rather than bank notes, wherein the plastic electronic money is characterized in that, when an amount of money is added to an originally recorded amount of money or an amount of money is subtracted from the originally recorded amount of money through account transfer or withdrawal by the system of a financial institution (a device authenticated by a financial institution, such as an Automated Teller Machine [ATM] or a cashier's window), a memory means for storing information about an amount of money and transaction information changes, so that an amount of money displayed on a display means (for example, e-ink or electronic paper), for maintaining final display content even when power is removed, changes.
[42] Further, the present invention provides plastic electronic money, which has a format similar to that of a credit card and enables an amount of money to be input by a financial institution, like bank checks, rather than bank notes, wherein the plastic electronic money is characterized in that, when a total amount of money originally recorded on a display means is returned to the system of a financial institution (a device authenticated by a financial institution, such as an ATM or a cashier's window) and is then transferred or paid to another account, a memory means for storing information about an amount of money and transaction information is initialized, so that an amount of money displayed on the display means (for example, e-ink or electronic paper), for maintaining final display content even when power is removed, is changed to 0, thus enabling a different amount of money to be input to the plastic electronic money by a financial institution and enabling the plastic electronic money to be used again.
Advantageous Effects
[43] The smart card having flash memory, a reader for the smart card, and a digital rights management method using the smart card and the reader according to the present invention are advantageous in that, since flash memory and a display means are included in an existing smart card, storage space for digital information, as well as the function of the smart card itself, are provided, and, in addition, information requiring protection is encrypted using the unique information of the smart card and the encrypted information is stored therein, so that smart card and memory card functions for information protection can be provided through a single card, and further in that, since various types of programs and data for banks and persons are stored in the card, a banking function and an entertainment function can be provided, and further in that, since a wireless or mobile communication means is included in the reader, a new personalized financial device function can be implemented simultaneously with the above functions. Further, the smart card can be used as semi-permanent electronic money, and a range of the applications thereof may extend to a stock exchange card, a membership card and a point card. Meanwhile, it is predicted that future artwork will be implemented in such a way that various types of multimedia pictures will be displayed on electronic frames using large-sized display panels. Accordingly, content created by artists (drawings, pictures, etc.) must be protected to prevent the forgery thereof. In this case, the memory card according to the present invention can also be applied.
Brief Description of Drawings
[44] FIG. 1 is a diagram showing an example of a conventional smart card;
[45] FIG. 2 is a diagram showing an example of a smart card having flash memory and display means according to an embodiment of the present invention;
[46] FIG. 3 is a diagram showing the construction of a reader for the smart card of FIG. 2;
[47] FIG. 4 is a diagram showing the connection of a communication network for inquiry about the occurrence of an incident concerning the smart card of FIG. 2;
[48] FIG. 5 is a diagram showing an example of the construction of flash memory used in the present invention;
[49] FIG. 6 is a diagram showing an example of the card ID of FIG. 1;
[50] FIG. 7 is a diagram showing an example of a bad pattern extraction area when all the blocks of flash memory are divided by 2048 blocks, according to an embodiment of the present invention;
[51] FIG. 8 is a flowchart showing an example of a bad block DRM table configuration method for digital rights management according to an embodiment of the present invention;
[52] FIG. 9 is a diagram showing an example of a 256-byte bad block DRM table generated in the bad block table of area 1 having more than 128 bad blocks according to an embodiment of the present invention;
[53] FIG. 10 is a diagram showing an example of the bad block table of area 2 having less than 128 bad blocks according to the present invention;
[54] FIG. 11 is a diagram showing another example of a 256-byte bad block DRM table generated by attaching padding data to the bad block table of area 2 of FIG. 6 having 128 or less bad blocks according to an embodiment of the present invention;
[55] FIG. 12 is a flowchart showing an example of a digital content recording method according to an embodiment of the present invention;
[56] FIG. 13 is a flowchart showing an example of an authentication process for digital content play according to an embodiment of the present invention;
[57] FIG. 14 is a diagram showing an example of the construction of a bad pattern DRM table configuration apparatus for digital rights management according to an embodiment of the present invention;
[58] FIG. 15 is a diagram showing an example of a digital content recording apparatus according to an embodiment of the present invention;
[59] FIG. 16 is a diagram showing an example of a digital content play apparatus according to an embodiment of the present invention; and
[60] FIG. 17 is a diagram showing an example of a key generation apparatus for an asymmetric encryption system to which the present invention is applied.
Best Mode for Carrying out the Invention
[61] Hereinafter, embodiments of the present invention will be described in detail with reference to the attached drawings.
[62] FIG. 1 is a diagram showing an example of a conventional smart card. As shown in the drawing, a smart card Chip On Board (COB) is provided in the smart card.
[63] FIG. 2 is a diagram showing a structure in which a COB for flash memory and display means is mounted in a space other than the space in which the smart card COB is mounted, in the conventional smart card of FIG. 1.
[64] The structure of FIG. 2 is described in detail. The smart card having flash memory according to the present invention is implemented such that a smart card COB (IC card COB) functioning as a credit card or a transportation card, and a COB for flash memory and display means for storing digital information are mounted in a single card.
[65] In this case, the smart card COB (IC card COB) is not electrically connected to the COB for flash memory and display means.
[66] That is, when the smart card having flash memory of FIG. 2 according to the present invention is used as a credit card or a transportation card, it is used in the same way as that of an existing smart card. Further, when information is recorded in the flash memory, or when recorded information is read, the smart card can be used to connect to or be inserted into a dedicated reader according to the present invention.
[67] That is, the smart card includes the smart card COB, which is provided therein and is provided with a predetermined IC chip and eight contact points based on ISO7816 standards, and a COB for flash memory and display means, which is electrically isolated from the smart card COB, is provided in the smart card and is provided with a plurality of input/output terminals. According to ISO7816 standards, the size of a credit card is 85.5 mm x 54 mm, a region of the credit card ranging from the bottom to a position 24 mm above the bottom is defined as an area in which a card number, the term of validity and a name are embossed, and a region of the credit card ranging from the top to a position 15.3 mm below the top is defined as an allowable region of 3-track magnetic encoding. Accordingly, since the smart card COB is located 9 mm away from the left end in the space between the above regions, the only space available for accommodating the COB for flash memory and display means is the space on the right.
[68] Since 3-tracks of magnetic stripes, a signature panel region, and an embossed region are located on the back of the credit card, and an RF antenna region for a transportation card must be excluded, a space for mounting 1 G-byte or higher flash memory is limited to the right portion of the space between the allowable embossed region and the allowable 3-track encoding region.
[69] Since the height of the COB for flash memory and display means must not be higher than that of the smart card COB, there is a difficulty in that the flash memory COB must be manufactured within a thickness of 0.6 mm in consideration of a card thickness of 0.8 mm.
[70] Therefore, in the present invention, in order to acquire space in which memory, a display, a battery and a control processing unit are to be inserted, a region in which a card number, the term of validity and a name are embossed at a thickness of about 0.8 mm and which ranges from the bottom of the card to a position 24 mm above the bottom is utilized, so that the thickness of the embossed region is set as about 1.6 mm, which is the sum of the thickness of the card and the embossed thickness, and the thickness of the remaining region rather than the embossed region is set as about 0.8 mm, which is the thickness of existing cards.
[71] That is, since the card of the present invention is characterized in that circuit parts are installed in the embossed region which is thicker than other regions, the thickness of the lower portion of the card is greater than that of the upper portion, but the maximum thickness of the card in each space is identical to that of existing cards. Accordingly, the card of the present invention can be used in an Automated Teller Machine (ATM) without change, and is provided in the state in which a card number, the term of validity, a name, etc., have been printed on a designated region.
[72] As a display means, there are an Organic Light-Emitting Diode (OLED) and a Liquid Crystal Display (LCD), but they must be continuously supplied with power at the time of operation. However, since the capacity of a battery mounted in a credit card is greatly limited, electronic ink (e-ink, electronic paper), which is capable of maintaining the final display state even when power is removed following the recording of data, is the only alternative.
[73] In this case, since power is consumed only when a display state changes, and the final state is maintained, a display state can be changed several hundreds to several thousands of times using only the battery mounted in the credit card, and thus there is no great inconvenience when using the credit card, and the battery is provided to be charged through an external connector when it is being discharged.
[74] Flash memory is provided in such a way that the area thereof is divided into a bank area and a user area. The bank area contains a certificate, a One Time Password (OTP) generation program, and an electronic bankbook, and is not accessible by a user. The user area is composed of folders for music, movie, pictures, documents, an address book, and other folders, and is then allowed to be deleted, added or edited by a dedicated reader or computer.
[75] According to the present invention, the certificate is included in the credit card, so that Internet banking and electronic commerce can be performed regardless of place. Further, the OTP generation program is included in the credit card, so that a password required for Internet banking can be known using the credit card's own display means, and thus Internet banking can also be performed regardless of place.
[76] Detailed data on account transactions and on the use of a credit card are recorded in the form of an electronic bankbook to replace a paper bankbook, and are provided to be updated with the latest data, as needed or automatically, through a relevant bank web site accessed by computer or via an ATM.
[77] The information of the user area is automatically backed up by forming relevant folders in a computer at the time of connecting to the computer, so that, when a credit card is lost, damage such as the loss of personal information is prevented.
[78] For a method of connecting the flash memory COB, the size of a wafer or the like must be considered, but a NAND flash memory interface, a USB, Secure Digital (SD), an MMC, a micro SD, a T-flash method, etc. may be applied.
[79] The card of the present invention has a format having such a flash memory COB therein, and can be applied to a stock exchange card, a point card or a membership card, as well as a bank card.
[80] When the card is provided as a stock exchange card, it is configured to be provided with a stock exchange program therein and to automatically inquire about a user's own account and perform stock exchange in arbitrary locations. In the case of a membership card or a point card, the card may be configured to be automatically linked to a service provided by a relevant company.
[81] In addition, the card of the present invention may be configured to include such a display means and related parts, and to function as electronic paper money. Since a medium called "paper money" is only of a value agreed upon by a collective body, the concept of paper money can be displayed by printing or carving various types of precise shapes on a plastic card, or by attaching a forgery prevention device such as a hologram to the plastic card.
[82] Further, since the reason for the forgery of paper money is that the costs of forging paper money are lower than the value of actual paper money, the costs of manufacturing the plastic card are caused to further approach the value of paper money displayed on the card by inserting a display means and various types of authentication functions into a plastic material, thus canceling a pre-condition of forgery.
[83] Paper money is of two types which are bank notes and bank checks. In the case of bank checks, such electronic paper money is configured such that an amount of money is displayed on the display means and is subtracted or added only in banks, similar to the case where current bank checks are issued.
[84] The electronic paper money is made of plastic material, and the durability thereof becomes semipermanent, so that the costs of reissuing current paper money, the average durability of which is about 18 months, can be reduced, and thus disadvantages of a high initial issue price can be overcome.
[85] Referring to FIG. 3, a dedicated reader may be configured to include a socket including a plurality of connection terminals capable of simultaneously connecting to the smart card COB (IC card COB), and the COB for flash memory and display means, thus individually exchanging respective pieces of information with the smart card COB and the COB for flash memory and display means.
[86] Meanwhile, the reader may generate an encryption table in which the location and number of bad blocks which are physical characteristics of flash memory are used as unique factors. Information requiring protection is encrypted using this encryption table, and the encrypted information can be decrypted thereby.
[87] Further, an operation of recording and reading information through the reader is performed by the following two flows depending on whether relevant information requires protection.
[88] In the first flow, that is, when relevant information does not require protection, the reader may connect the flash memory to the personal computer of FIG. 4 through a USB, thus enabling the flash memory to be used as a typical large-capacity storage unit.
[89] In this case, the reader may record or read information in or from the flash memory through the application program included in the present invention, or a general-purpose search program (for example, Windows Explorer).
[90] In the second flow, that is, in the case opposite the above case and where relevant information requiring protection is intended to be recorded, the reader must record the information using the application program included in the present invention.
[91] Hereinafter, the operation flow of the reader related to the second case will be described in detail with reference to FIGS. 3 to 4.
[92] First, the application program reads the unique information of a given smart card itself from the smart card COB (IC card COB) on the smart card (IC card). In this case, the unique information may be the serial number of a given credit card, but is not necessarily limited to such a serial number in the present invention, and it is also possible to replace the unique information with any type of unique information distinguishable from other cards in addition to the serial number of the credit card.
[93] Next, the application program accesses a service server (for example, a credit card company server), capable of determining whether an incident has occurred, using the read unique information over the Internet in a wired or wireless manner, exchanges information about the occurrence of an incident with the service server, and transmits relevant information to the reader when a given card is a card for which an incident has not been reported. The reader encrypts the relevant information using the encryption table which is generated using the characteristics of the bad blocks of the flash memory mounted in the smart card, and records the encrypted information.
[94] Further, when the reader reads protected information from the flash memory, the application program accesses a server, capable of determining whether an incident has occurred, over the Internet in a wired or wireless manner, and exchanges information about the occurrence of an incident with the server, similar to the case where information requiring protection is recorded. When a given card is a card for which an incident has not been reported, the application program receives a command for permitting the reading of relevant information, generates a decryption table, decrypts the encrypted information, and transmits the decrypted information to the PC.
[95] In this case, the reader may be implemented such that, when a card for which an incident was reported is inquired about, the stored encrypted information cannot be read, but the encrypted information can be read again after the situation of the incident has been terminated through the recovery of a lost card or the like. Further, the reader may be implemented such that, depending on the type of incident report (for example, loss, a theft, disposal, etc.), relevant information is completely deleted, or the current Internet access address (for example, IP address) or the like can be immediately and automatically reported.
[96] According to the above construction, in addition to the credit card or the transportation card functionality, a typical USB disc function may be added to the smart card through the provision of the dedicated reader. Further, the functioning of the smart card as a security disc, enabling only a user to record/read the relevant information, can also be predicted.
[97] Typically, the credit card or the transportation card should not be easily lent to other persons regardless of time or place, and a user must pay great attention to preventing the occurrence of loss or theft, like money, by personally carrying the credit card or the transportation card.
[98] That is, information stored in the flash memory included in the smart card (credit card or transportation card), must be primarily secured by the user him or herself. In general, when the loss or theft of the card occurs, this must be immediately reported to a card company, thus preventing damage from occurring.
[99] Therefore, according to the present invention, there is an advantage in that important data or expensive digital information, which requires security and which must not be read by persons other than the user him or herself, is blocked in real time using the information about the reported card, so that there are advantages in that additional loss attributable to the exposure of relevant data and the risks of an incident may be greatly reduced, as well as affording the protection of the relevant data.
[100] Further, there are advantages in that, since the COB for flash memory and display means and the smart card COB (IC card COB) provided in the smart card do not form a complete electrical or magnetic connection to each other unless the dedicated reader is used, no influence is exerted on various situations, such as inquiry/payment transactions using an existing IC card reader. Accordingly, the present invention may be free of the problem of compatibility with a credit card or transportation card service terminal that may occur in the commercialization stage of the present invention.
[101] Further, when a wireless (Bluetooth, wireless LAN, etc.) and mobile communication means (mobile communication, Wibro, etc.) are included in the reader, the reader is first configured to purchase a product on the basis of product purchase information displayed on the screen of the reader, and to select one of a credit card, a certificate, and an OTP creator which are provided therein, thus paying for the product. Second, the reader is configured to receive through a separate means information about a store and an amount of money used and to transmit approval information to the payment device of the store through the wireless or mobile communication means of the reader without the taking out of the credit card. Further, when the location tracking function of the mobile communication means is used, a bank may process and provide information about purchase or convenient facilities suitable for the location of the user, thus allowing the user to become a client providing a higher royalty to the bank.
[102] Hereinafter, an embodiment of the present invention in which the reader generates an encryption table by using the location and number of bad blocks (the physical characteristics of flash memory) as unique factors will be described with reference to FIGS. 5 to 17.
[103] The flash memory is a memory device enabling data to be continuously stored therein even when power is removed, and is capable of freely storing/erasing data.
[104] Such flash memory is classified into a NOR type and a NAND type according to the internal structure thereof. The NOR flash memory has a structure in which cells are connected in parallel, and the NAND flash memory has a structure in which cells are connected in series.
[105] Therefore, the NAND flash memory is mainly used for an SD card or a memory stick among various memory cards, and the NOR flash memory is mainly used for an MMC card or compact flash memory.
[106] Such flash memory has characteristics that power consumption is low, and stored information is retained without being lost even when power is turned off. Further, flash memory is non-volatile memory to which power is continuously supplied, and is not only capable of retaining the stored information in an unchanged state even when power is shut off, unlike Dynamic Random Access Memory (DRAM), but also is capable of freely inputting or outputting information. Accordingly, flash memory is widely used in digital Televisions (TV), digital camcorders, mobile phones, digital cameras, Personal Digital Assistants (PDA), game playing devices, MP3 players, etc.
[107] However, recently, with the realization of ultra high speed Internet infrastructures, the improvement of the performance of PCs, and the large-capacity of storage units, a great number of illegally duplicated audio and video sources, and digital content, such as educational content, are exposed to typical users without being appropriately paid for, and are then illegally shared and used therebetween.
[108] Due thereto, an idea that digital content is provided for free has become fixedly lodged in the mind of typical users, thus resulting in the withering of markets for recorded musical, video, and educational media.
[109] Although the problem of the protection of digital content rights has arisen due to the spreading of the illegal use, it is almost impossible in actual situations to inhibit users who have experienced the use of free content and know the methods for using content for free from spreading and using illegally duplicated digital content, and to induce them to pay costs suitable for the rights to the content and to use the content.
[110] According to the present invention, since bad patterns (bad blocks, bad pages, bad bits, etc.) which are physical characteristics of a memory device, such as the flash memory provided in the smart card (for example, NAND flash memory or the like) are used as an encryption key, the rights of digital content stored in the flash memory can be protected, and thus the above problem of the content rights can be solved.
[111] Here, the physical characteristics of the flash memory may be the bad blocks, bad pages or bad bits. In the present invention, it is apparent that the encryption table can be generated by using the location and number of bad pages or bad bits, as well as the bad blocks, as unique factors.
[112] In the embodiment of the present invention, for convenience of description, a specified file system suitable for a read only storage medium, rather than a public file system such as a File Allocation Table (FAT) 16 or FAT32, is described by way of example together with the fundamental structure of NAND flash memory. However, it should be noted that the present invention is not limited to this example.
[113] The construction of the file system, as described later, is also characterized in that digital content is encrypted using a bad pattern DRM table (DRM encryption table) at the time of recording the digital content.
[114] That is, in the structure of the file system, the entire area, excepting a minimum region required to detect the bad pattern DRM table (DRM encryption table), is encrypted through relevant Digital Rights Management (DRM), and thus typical access to the area is blocked.
[115] Generally, the physical block number '0' of the flash memory (hereinafter referred to as a 'zero block') is used by the manufacturing company thereof to guarantee that the block is not a bad block. Therefore, in the zero block, format-related information of a storage medium, a medium ID (card ID), etc. are stored.
[116] Hereinafter, a block in which bad bits are present according to bad bit information is described by way of example.
[117] However, it should be noted that the present invention can also be equally applied to a page (that is, a bad page) in which bad bits are present according to bad bit information.
[118] Therefore, in the case of bad blocks, a bad block DRM table may be used as a DRM encryption table, and in the case of bad pages, a bad page DRM table may be used as a DRM encryption table.
[119] The bad block DRM table and the bad page DRM table may be collectively called a 'bad pattern DRM table (DRM encryption table)'.
[120] With reference to FIG. 5, the construction of the zero block of flash memory is described.
[121] In a Master Boot Recorder (MBR) corresponding to 'page number 0 of the zero block', information about the construction of the flash memory and the file system is recorded.
[122] Further, in 'page numbers 1 to 5 of the zero block', bad block marking information is recorded. In particular, in 'page number 9 of the zero block', a card ID corresponding to a medium ID is stored.
[123] Such a card ID is composed of pieces of specific information (for example, card version, a DRM table select code, an area code, a manufacturing company code, a copyright holder ID [writer ID], and card serial number information) of a digital content storage medium (memory card) implemented as flash memory, as shown in FIG. 6.
[124] In particular, in the DRM table select code field of FIG. 6 in the card ID (page number 9 of zero block), information about the code of an area (area code), in which bad patterns (bad blocks, bad pages, bad bits, etc.) desired to be used for a DRM encryption table (bad block DRM table) are present (that is, an area having more than a threshold number of bad blocks or an area having a maximum number of bad blocks), is recorded when DRM using bad patterns (bad blocks, bad pages, bad bits, etc.) which are the physical characteristics of the flash memory is implemented.
[125] At this time, the bad pattern extraction area of the flash memory may be either an entire block area of the flash memory or only a specific area. Further, the DRM encryption table (bad block DRM table) using the extracted bad patterns may be configured to have various sizes, such as 128 bytes, 256 bytes, or 512 bytes.
[126] However, for convenience of description, in the present embodiment, an example will be described on the assumption that the DRM encryption table has a size of 256 bytes and the bad pattern extraction area required for the configuration of the DRM encryption table is a specific area of the flash memory, rather than the entire area. However, it should be noted that the present invention is not limited to this example.
[127] In the above description, the term 'specific area' means that, for example, all the blocks of the flash memory can be divided by 2048 blocks and can be processed thereby. That is, as shown in FIG. 7, the bad pattern extraction area required for the configuration of the DRM encryption table (bad block DRM table) is determined in such a way that respective areas are set based on multiples of 2048 blocks in all the blocks of the flash memory, and an area meeting a specific criterion, among the areas, is determined to be a bad pattern extraction area required for the configuration of the DRM encryption table (bad block DRM table).
[128] Here, the term 'specific criterion' means a criterion required to determine whether a relevant area is an area suitable for the configuration of a 256-byte DRM encryption table (bad block DRM table). For example, when an area including more than a threshold number of (for example, 128) bad blocks is present, the relevant area is determined to be the bad pattern extraction area. However, when an area including more than 128 bad blocks is not present, an area including a maximum number of bad blocks, among the plurality of areas (areas set based on multiples of 2048 blocks), is the bad pattern extraction area required for the configuration of the DRM encryption table (bad block DRM table).
[129] The bad pattern extraction area is determined on the basis of a bad block table generated while a memory card is formatted at the time of manufacturing a digital content storage medium (memory card). The area code of the relevant area determined at that time is recorded in the DRM table select code field of the card ID of FIG. 6.
[130] FIG. 8 is a flowchart showing an example of a bad block DRM table configuration method for digital rights management according to an embodiment of the present invention. The flowchart shows a procedure for examining an area corresponding to the area code recorded in the DRM table select code field of the card ID, and configuring a bad block DRM table (DRM encryption table).
[131] As described above, the procedure for configuring the bad block DRM table (DRM encryption table) is described below. In all the blocks of the flash memory, respective areas are set based on multiples of the number of blocks (for example, based on multiples of 2048 blocks). Among the areas, a bad pattern extraction area meeting a specific criterion (for example, an area having more than a threshold number of [for example, 128] bad blocks, or an area having a maximum number of bad blocks), is determined on the basis of the bad block table. The code value of the relevant area (area code) is recorded in the DRM table select code field of the card ID.
[132] Thereafter, the area corresponding to the determined bad pattern extraction area (that is, the area corresponding to the area code) is examined at step 401, so that the bad block DRM table (DRM encryption table) can be configured, as shown in FIG. 9 or 11, at steps 402 to 406. Here, FIG. 9 illustrates a 256-byte bad block DRM table (DRM encryption table), generated on the basis of the bad block table of area 1 (block 0 ~ block 2047) having more than 128 bad blocks, and FIG. 11 illustrates a 256-byte bad block DRM table (DRM encryption table), generated by attaching padding data to the bad block table (refer to FIG. 10) of area 2 (block 2048 ~ block 4095), having 128 or less bad blocks.
[133] This is described in detail. When an examination target area (area corresponding to the area code) has more than 128 sufficient bad blocks so as to configure a 256-byte bad block DRM table (DRM encryption table) at step 402, a 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 9] composed of 128 real bad block addresses is generated on the basis of the bad block table of an area having more than 128 (256 byte) bad blocks (for example, area 1 having blocks 0 to 2047) at step 403.
[134] FIG. 9 illustrates a 256-byte bad block DRM table (DRM encryption table) generated on the basis of the bad block table corresponding to area 1 (block 0 ~ block 2047) having more than 128 bad blocks. That is, more than 128 real bad blocks are present in the area 1, so that the 256-byte bad block DRM table (DRM encryption table) is configured using only the addresses of the bad blocks. In this case, the padding operation of FIG. 11 is not required.
[135] Meanwhile, when a relevant area (examination target area, that is, the area corresponding to the area code) does not include bad blocks sufficient to configure a 256-byte bad block DRM table (DRM encryption table) at step 402, a padding operation is performed using an appropriate method, as described later, at steps 404 and 405, thus configuring the 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 11] at step 406. In this case, the bad block DRM table (DRM encryption table) is composed of 18 (36 byte) real bad block addresses and 110 (220 byte) pieces of padding data.
[136] Here, as a padding method, various methods may exist, but, in the present embodiment, the bad block DRM table (DRM encryption table) is configured using the card serial number field (16 byte) of the card ID. For example, the 256-byte bad block DRM table (DRM encryption table) of FIG. 11 is configured using padding values obtained by sequentially performing an XOR operation on existing real bad block table values and a card serial number value.
[137] That is, in the bad block table of area 2 having 128 or less bad blocks of FIG. 10, an XOR operation is sequentially performed on the real bad block table values and the card serial number value, so that a 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 11] is generated by attaching padding data (that is, values obtained by sequentially performing an XOR operation on the bad block table values and the card serial number value) to the bad block table (that is, the bad block table having 18 [36 byte] real bad block addresses in FIG. 10) of area 2 (block 2048 to block 4095) having 128 or less bad blocks.
[138] In this case, the bad block DRM table (DRM encryption table) is composed of 36 bytes of real bad block addresses and 220 bytes of padding data (0x09, 0x10, 0x0B, 0x17, ...).
[139] FIG. 10 illustrates a bad block table generated on the basis of 128 or less bad blocks (for example, 18 [36 bytes] real bad blocks) in area 2 (block 2048 ~ block 4095). That is, when only 18 bad blocks (36 byte) from 0x0812 to 0x0CFE are present in area 2, the bad block table corresponding thereto is exemplified.
[140] In order to generate a 256-byte bad block DRM table (DRM encryption table) on the basis of the bad block table composed of 18 (36 byte) real bad block addresses of FIG. 10, a padding operation must be performed. If the card serial number is assumed to be "0x01020304050607080900010203040506", padding values obtained by sequentially performing an XOR operation on the bad block table values and the card serial number value are given as '0x09', '0x10', '0x0B', '0x17', ....
[141] Therefore, the padding data (values obtained by sequentially performing an XOR operation on the bad block table values and the card serial number value) is attached to the bad block table (refer to FIG. 10) composed of 18 (36 byte) real bad block addresses, and thus the 256-byte bad block DRM table (DRM encryption table) is configured, as shown in FIG. 11.
[142] The bad block DRM table (DRM encryption table) formed using the above-described method is a unique factor that is determined according to the physical characteristic, which a given storage medium (memory card implemented as a memory device) can have, and that is unique in all probability.
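The area selection and padding procedure of [127] to [141] can be followed in code. The sketch below is an added example, not code from the patent: the big-endian two-byte address layout and the second address 0x0813 are inferred from the padding values 0x09, 0x10, 0x0B, 0x17 quoted in [140], while the remaining sample addresses, the function names, the choice of the lowest-numbered area when several exceed the threshold, and the cyclic reuse of table and serial bytes once either runs out are assumptions.

```python
# Added example: bad block DRM table construction per [127]-[141].
AREA_BLOCKS = 2048               # blocks per area ([127])
TABLE_ENTRIES = 128              # 128 two-byte addresses fill a 256-byte table
TABLE_BYTES = 2 * TABLE_ENTRIES

# Card serial number quoted in [140] (16 bytes).
SERIAL = bytes.fromhex("01020304050607080900010203040506")

# Constructed sample: 18 bad blocks in area 2 (block 2048 ~ block 4095).
# Only the first (0x0812) and last (0x0CFE) addresses are stated in the text;
# 0x0813 follows from the quoted padding values, the rest are made up.
AREA2_BAD = [
    0x0812, 0x0813, 0x0840, 0x0877, 0x08A1, 0x0903,
    0x0958, 0x09C4, 0x0A10, 0x0A6B, 0x0AD2, 0x0B07,
    0x0B39, 0x0B9E, 0x0C05, 0x0C44, 0x0C9A, 0x0CFE,
]


def select_area(bad_blocks, total_blocks):
    """Return the area number (1-based, as in the text) to record in the
    DRM table select code field.

    An area with more than TABLE_ENTRIES bad blocks is preferred; if none
    exists, the area with the most bad blocks is used ([128]).
    """
    n_areas = (total_blocks + AREA_BLOCKS - 1) // AREA_BLOCKS
    counts = [0] * n_areas
    for block in bad_blocks:
        counts[block // AREA_BLOCKS] += 1
    for index, count in enumerate(counts):
        if count > TABLE_ENTRIES:
            return index + 1            # assumption: lowest such area wins
    return max(range(n_areas), key=lambda i: counts[i]) + 1


def build_drm_table(bad_blocks, area, serial):
    """Build the 256-byte bad block DRM table for one area.

    Real addresses come first, two bytes each, big-endian. If they do not
    fill the table, the remainder is padding: real table bytes XORed
    sequentially with the card serial number bytes ([136]).
    """
    first = (area - 1) * AREA_BLOCKS
    in_area = sorted(b for b in bad_blocks if first <= b < first + AREA_BLOCKS)
    if not in_area:
        raise ValueError("selected area contains no bad blocks")
    real = b"".join(b.to_bytes(2, "big") for b in in_area[:TABLE_ENTRIES])
    pad_len = TABLE_BYTES - len(real)   # 0 when the area has 128 or more
    padding = bytes(
        real[i % len(real)] ^ serial[i % len(serial)]   # assumption: cyclic
        for i in range(pad_len)
    )
    return real + padding


if __name__ == "__main__":
    area = select_area(AREA2_BAD, 4096)
    table = build_drm_table(AREA2_BAD, area, SERIAL)
    print("area", area, "table bytes", len(table))
    print("first padding bytes", table[36:40].hex())
```

Because the padding is computed only from the real entries and the serial number stored in the card ID, a padded table contains no key material beyond its real bad block addresses.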
[143] FIG. 12 is a flowchart showing an example of a method of recording digital content in the flash memory according to an embodiment of the present invention.
[144] First, the flash memory (for example, NAND flash memory) is formatted to a low level at step 801, so that bit-based bad pages (pages including bad bits) or bit-based bad blocks (blocks including bad bits) are examined by writing 0xAA55, and the pages or blocks including bad bits are marked as bad pages or bad blocks at step 802. That is, blocks having bad bits according to bad bit information detected at the time of initialization (formatting) are marked as bad blocks, and pages having bad bits according to bad bits detected at the time of initialization are marked as bad pages.
[145] Thereafter, the bad blocks are recorded in a bad block table at step 803. At this time, the bad block table may be provided for each of areas into which all the blocks of the flash memory are divided by 2048 blocks.
[146] Next, after the flash memory has been formatted to a low level, an area satisfying a specific condition (criterion) is determined with reference to the recorded bad block table, and then the area code value of the relevant area is recorded in the DRM table select code field of the Card ID (page number 9 of the zero block) at step 804. For example, all the blocks of the flash memory are divided by 2048 blocks, and then respective areas are set. Among the areas, an area satisfying the specific condition (criterion) is determined to be a bad pattern extraction area required for the configuration of the DRM encryption table (bad block DRM table), and thereafter the area code of the determined area is recorded in the DRM table select code field of the card ID.
[147] Here, the term 'specific condition (criterion)' means a criterion required to determine whether a given area is an area suitable for the configuration of a 256-byte DRM encryption table (bad block DRM table).
[148] For example, an area having more than a threshold number of bad blocks, or an area having a maximum number of (for example, 128) bad blocks may be determined to be a bad pattern extraction area. At this time, the determination of the bad pattern extraction area may be performed to assign priority for the determination of an area in such a way that whether an area having more than a threshold number of (for example, 128) bad blocks is present is determined, and an area having a maximum number of bad blocks, among the plurality of areas (areas set based on multiples of 2048 blocks), is determined to be the bad pattern extraction area if it is determined that the area is not present.
[149] The area code value of the area determined to be the bad pattern extraction area is recorded in the DRM table select code field of the card ID of FIG. 6 at step 804.
[150] Thereafter, if the examination target area (area corresponding to the area code) has more than 128 bad blocks sufficient to configure a 256-byte bad block DRM table (DRM encryption table) at step 805, a 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 9], composed of 128 real bad block addresses, is generated on the basis of the bad block table of the area having more than 128 (256 byte) bad blocks at step 806.
[151] This means that, since more than 128 (256 byte) real bad blocks are present in, for example, area 1 (block 0 ~ block 2047), the 256-byte bad block DRM table (DRM encryption table) can be configured using only the addresses of the real bad blocks.
[152] Meanwhile, when the relevant area (examination target area [area corresponding to the area code]) does not include bad blocks sufficient to configure a 256-byte bad block DRM table (DRM encryption table) at step 805, a padding operation is performed, so that the 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 11] is generated at step 807. That is, the 256-byte bad block DRM table (DRM encryption table) is configured, as shown in FIG. 11, using padding values generated by sequentially performing an XOR operation on the real bad block table values and the card serial number value.
[153] For example, in the bad block table of area 2 having 128 or less bad blocks of FIG. 10, an XOR operation is sequentially performed on the real bad block table values and the card serial number value, thus generating a 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 11], in which padding data (values generated by sequentially performing an XOR operation on the bad block table values and the card serial number value [for example, '0x01020304050607080900010203040506']) is attached to the bad block table of area 2 (block 2048 ~ block 4095) (that is, in FIG. 10, a bad block table having 18 [36 byte] real bad block addresses). As a result, the bad block DRM table (DRM encryption table) composed of 36 bytes of real bad block addresses and 220 bytes of padding data (0x09, 0x10, 0x0B, 0x17, ...) is configured.
[154] Next, after the bad block table, extracted and recorded in the zero block, is deleted while the flash memory is formatted to a low level at step 808, digital content is recorded in the NAND flash memory by using the generated bad block DRM table (DRM encryption table) as an encryption key at step 809.
[155] It is apparent that the term 'flash memory' described in the present invention may mean the flash memory COB itself shown in FIG. 2.
[156] FIG. 13 is a flowchart showing an example of an authentication process for digital content play according to an embodiment of the present invention.
[157] That is, according to the present invention, digital content may be played by merely reading data from flash memory provided in the smart card using a reader.
[158] First, when the reader connected to the flash memory is inserted into or connected to a digital content provision apparatus (a media player, a computer, etc.) at step 901, the digital content provision apparatus (a media player, a computer, etc.) reads the information of the card ID (page number 9 of zero block), and starts an authentication process at step 902.
[159] At this time, in the DRM table select code field of the card ID, information about the code of an area (area having more than a threshold number of bad blocks, or an area having a maximum number of bad blocks), in which bad patterns (bad blocks, bad pages, bad bits, etc.) desired to be used for a DRM decryption table (bad block DRM table) are present, is recorded, and thus the information of the card ID is determined at the time of playing media.
[160] Therefore, an area corresponding to the DRM table select code of the card ID is examined at step 903, so that the bad block DRM table (DRM decryption table) is configured at step 904.
[161] For example, when the area corresponding to an area code recorded in the DRM table select code field has more than 128 sufficient bad blocks, a 256-byte bad block DRM table (DRM decryption table) [refer to FIG. 9] composed of 128 real bad block addresses is configured on the basis of the bad block table of the area having more than 128 (256 byte) bad blocks.
[162] However, when the area corresponding to the area code recorded in the DRM table select code field does not include bad blocks sufficient to configure a 256-byte bad block DRM table (DRM decryption table), a padding operation is performed, and thus a 256-byte bad block DRM table (DRM decryption table) [refer to FIG. 11] is configured. That is, through the use of padding values generated by sequentially performing an XOR operation on the real bad block table values and the card serial number value, the 256-byte bad block DRM table (DRM decryption table) of FIG. 11 is configured.
[163] Thereafter, in the bad block DRM table (DRM decryption table) configured in this way, whether blocks corresponding to the real bad block table values, rather than the padding values, are real bad blocks is determined at step 905.
[164] For example, whether blocks having real bad block addresses are real bad blocks in the bad block DRM table (DRM decryption table) of FIG. 11, composed of 36 bytes of real bad block addresses and 220 bytes of padding data (0x09, 0x10, 0x0B, 0x17, ...), is determined.
[165] A procedure for determining whether blocks are real bad blocks is described below. For example, about 10 bad blocks are randomly selected from the real bad block table, and whether the selected bad blocks are real bad blocks is examined at step 906.
[166] At this time, a Write Protect (WP) pin is disabled, and 0xAA55 and 0x55AA are written in the corresponding page of each real bad block, and thus whether the bad blocks are real bad blocks is determined at step 907.
[167] If it is determined at step 907 that bad blocks are real bad blocks, a predetermined number of (about 10) real bad blocks are additionally examined using the same method at step 906. Similarly, for the additionally selected bad blocks, a procedure for disabling a WP pin and writing 0xAA55 and 0x55AA in the corresponding page of each real bad block is performed at step 907.
[168] In this way, when the additionally performed examination on the real bad blocks has succeeded (that is, when the authentication of the use of media has succeeded), the use of digital content media (play or read) is permitted at step 908.
[169] Therefore, when the authentication of the use of media has succeeded, digital content data is provided to the user while being decrypted using the bad block DRM table (DRM decryption table) at step 909.
[170] However, when the authentication of the use of media has failed, notification of the failure of authentication is provided to the user, thus requesting the user to check the flash memory at step 910.
[171] In the above procedure for determining whether bad blocks are real bad blocks, several conditions may be given in relation to the determination of which is the number of real bad blocks that are examination targets, the determination of whether encryption and decryption are to be applied to the entire digital content in the encryption and decryption of digital content by using the generated bad block DRM table (DRM encryption/decryption table), or the determination of whether encryption and decryption are to be applied only to a specific area. However, in the present embodiment, the case where application is performed on the basis of values corresponding to the lower 4 bits of the last bad block address of the real bad block table is described by way of example.
[172] For example, when the bad block table is given as shown in FIG. 10 (that is, the bad block table of FIG. 10 is a bad block table having 18 [36 byte] real bad block addresses), the last bad block address is '0xFE', and the lower 4 bits thereof are '0x0E (= a decimal number of 14)', and thus the above conditions are determined on the basis of the 'decimal number of 14'.
[173] That is, the determination of real bad blocks is performed by examining bad blocks corresponding to a multiple of 14. If the number of bad blocks which are examination targets does not exceed 5, bad blocks from a first bad block are additionally included in the sequential examination targets, and thus the total number of examination target bad blocks is maintained at at least 5.
[174] Similar to this, a description will be made on the basis of the above conditions. The encryption of digital content data is also performed on blocks having block addresses corresponding to a multiple of 14. Decryption thereof is also performed on the basis of the same criterion and condition as those of encryption.
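The real bad block examination of [165] to [173] can be exercised against a simulated memory. The sketch below is an added example, not code from the patent: the `SimNand` stuck-bit model, the function names and most of the sample addresses are constructed, and two readings of the text are assumptions, namely that a block counts as really bad when a written pattern fails to read back, and that "a multiple of 14" refers to the block address.

```python
# Added example: real bad block examination per [165]-[173] on a toy NAND.
PATTERNS = (0xAA55, 0x55AA)   # complementary test words written in [166]
MIN_TARGETS = 5               # examination targets are kept at 5 or more

# Constructed sample table: 18 bad block addresses from 0x0812 to 0x0CFE.
BAD_TABLE = [
    0x0812, 0x0813, 0x0840, 0x0877, 0x08A1, 0x0903,
    0x0958, 0x09C4, 0x0A10, 0x0A6B, 0x0AD2, 0x0B07,
    0x0B39, 0x0B9E, 0x0C05, 0x0C44, 0x0C9A, 0x0CFE,
]


class SimNand:
    """Toy flash model: a physically bad block has bits stuck at a value."""

    def __init__(self, stuck=None):
        # stuck maps block -> (mask, value); masked bits always read as value
        self.stuck = dict(stuck or {})
        self.cells = {}

    def write_word(self, block, word):
        self.cells[block] = word & 0xFFFF

    def read_word(self, block):
        word = self.cells.get(block, 0xFFFF)      # erased state reads 0xFFFF
        mask, value = self.stuck.get(block, (0, 0))
        return (word & ~mask & 0xFFFF) | (value & mask)


def is_physically_bad(nand, block):
    """Write both patterns and compare the read-back.

    0xAA55 and 0x55AA differ in every bit, so any stuck bit disagrees
    with one of them even if it happens to match the other.
    """
    for pattern in PATTERNS:
        nand.write_word(block, pattern)
        if nand.read_word(block) != pattern:
            return True
    return False


def select_targets(bad_table):
    """Choose the bad blocks to examine.

    The step is the lower 4 bits of the last bad block address ([171]);
    addresses that are multiples of it are examined ([173]), and blocks
    from the start of the table are added until MIN_TARGETS is reached.
    """
    step = bad_table[-1] & 0x0F
    # step == 0 is not covered by the text; here it selects nothing and
    # the fill loop below supplies the targets.
    targets = [b for b in bad_table if step and b % step == 0]
    for block in bad_table:
        if len(targets) >= MIN_TARGETS:
            break
        if block not in targets:
            targets.append(block)
    return targets


def authenticate(nand, bad_table):
    """Permit use only if every examined block is physically bad."""
    return all(is_physically_bad(nand, b) for b in select_targets(bad_table))


if __name__ == "__main__":
    # Original medium: each listed block has bit 1 stuck at 0, a fault that
    # the first pattern alone would not reveal.
    original = SimNand({b: (0x0002, 0x0000) for b in BAD_TABLE})
    # Duplicate: same table and markings, but the blocks themselves are sound.
    duplicate = SimNand()
    print("original:", authenticate(original, BAD_TABLE))
    print("duplicate:", authenticate(duplicate, BAD_TABLE))
```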
[175] The above-described method of the present invention can be applied to various fields in consideration of the entire performance and other conditions of the system to which DRM is applied. For example, the method can be applied to an asymmetric encryption system.
[176] An example of the application is described below. As described above, a bad pattern DRM table (DRM encryption table) is generated using bad patterns.
[177] A seed key is generated using a Hash function that uses the bad pattern DRM table (DRM encryption table) as a transform parameter. From the seed key, a public key and a private key are generated through a Public Key Infrastructure (PKI) algorithm (Rivest-Shamir-Adleman [RSA], Elliptic Curve Cryptography [ECC], etc.), and they can be applied to PKI solutions that have been used in various existing fields.
[178] This shows that the bad patterns of each of digital content storage media are factors causing the generation of a private key, and the content of the private key does not need to be logically recorded using any method, thus further strengthening the security of an asymmetric encryption system using the above example.
[179] That is, a client may download content data, encrypted by a server using the public key, and may decrypt the encrypted content data using the private key extracted from the digital content data.
[180] As described above, when the physical characteristics (bad blocks, bad pages, bad bits, etc.) of the flash memory in which respective pieces of digital content are recorded, are used as an encryption key, respective digital content storage media have different bad block DRM tables (DRM encryption tables).
[181] Because of this, a disadvantage in that existing DRM using a specific physical algorithm or an encryption table loses its value as DRM, as the specific algorithm or the encryption table of the existing DRM is open to the public, can be overcome.
[182] Even if a memory device constituting a digital content storage medium (for example, NAND flash memory) is digitally duplicated using any of the methods used for the purpose of illegal duplication, or even if a digital content storage medium identical to the original is duplicated using a memory dump method in a physical manner, the duplicated digital content storage medium is not effective.
[183] The reason for this is that, even if a digital content storage medium physically identical to the original is duplicated, the bad patterns (bad blocks, bad pages, bad bits, etc.) which are physical characteristics of a memory device (for example, NAND flash memory) constituting the storage medium are not duplicated.
[184] That is, although even marking of bad blocks or bad pages is duplicated in the spare area of flash memory block, such marking cannot physically correlate to real bad blocks or bad pages. As a result, a duplicated digital content storage medium (even bad patterns are not duplicated) fails in authentication in the real bad block examination procedure of a digital content media authentication process when the storage medium is used (played). Accordingly, the duplicated digital content storage medium is then determined to be an ineffective storage medium.
[185] For that reason, the present invention can sufficiently protect the digital content of a copyright holder, unlike existing storage media, such as a CD or a DVD, having contradiction indicating that the existing storage media become media capable of providing profit to the copyright holder of digital content, and, simultaneously, they become media through which the copyright holder's digital content is infinitely duplicated because they are infinitely exposed to illegal duplication by typical users.
[186] Meanwhile, other examples of methods of preventing the copying and illegal duplication of the entirety of the flash memory may include an encryption/decryption method using different bad areas (blocks, pages, sub-pages, or locations) for respective flash memory devices.
[187] For example, an area in which the addresses of bad areas of memory used (blocks, pages, sub-pages, or locations) are recorded, is set in a header data area in which the characteristics of a memory card (digital content storage medium) are recorded, rather than a data storage space, and the set area is recorded. The addresses of the bad areas are combined with each other to extract encryption feature values (for example, encryption feature values based on a bad block DRM table [DRM encryption table]). Thereafter, original content data is encrypted using such encryption feature values, and thus the encrypted content data is recorded in the normal areas of the memory and not in the bad areas of the memory.
[188] Thereafter, when such a memory card is inserted, a play apparatus reads the addresses of the bad areas from the header data area, calculates encryption feature values (for example, encryption feature values based on the bad block DRM table [DRM encryption table]) used for the encryption of content data by combining the addresses of the bad areas with each other, and recovers original content data using the encryption feature values while sequentially reading data from the memory excepting the bad areas.
[189] At this time, the encryption feature values are calculated through a combination of unique values, such as the addresses of different bad areas for respective memory devices used, so that perfect duplication is physically impossible unless the bad areas of the memory used for duplication and bad areas of the original memory are entirely identical to each other.
[190] As another example, bad areas (blocks, pages, sub-pages or locations) of memory used are marked on defined locations of spare areas corresponding thereto as bad areas, and encryption feature values (for example, encryption feature values based on the bad block DRM table [DRM encryption table]) are extracted by combining the addresses of the bad areas. Thereafter, original content data is encrypted using the encryption feature values, and the encrypted content data is recorded in the normal areas of the memory and not in the bad areas of the memory.
[191] Thereafter, when such a memory card is inserted, the play apparatus reads the addresses of bad areas by examining the memory, calculates encryption feature values used for the encryption of content data by combining the addresses of the bad areas (for example, encryption feature values based on the bad block DRM table [DRM encryption table]), and recovers original content data using the encryption feature values while sequentially reading data from the memory excepting the bad areas.
[192] At this time, since the encryption feature values are calculated by combining unique values, such as the addresses of different bad areas for respective memory devices, perfect duplication is physically impossible unless the bad areas of memory used for duplication and the bad areas of original memory are entirely identical to each other.
[193] As a further example, the bad areas (blocks, pages, sub-pages, and locations) of memory used are marked at defined locations of spare areas corresponding thereto as bad areas, and encryption feature values (for example, encryption feature values based on the bad block DRM table [DRM encryption table]) are extracted using specific values (for example, a serial number, etc.) recorded in the memory. Thereafter, original content data is encrypted using the encryption feature values, and encrypted content data is recorded in normal areas of the memory and not in the bad areas of the memory.
[194] Thereafter, when such a memory card is inserted, the play apparatus reads the specific values recorded in the memory, calculates encryption feature values (for example, encryption feature values based on the bad block DRM table [DRM encryption table]) used as specific values, and recovers original content data using the encryption feature values while sequentially reading data from the memory excepting the bad areas.
[195] At this time, the encryption feature values are calculated through a combination of specific values recorded in the memory used, so that perfect duplication is physically impossible unless the bad areas of memory used for duplication and the bad areas of original memory are completely identical to each other.
[196] In the above description, duplication might be attempted by reading the bad areas of a memory card, intellectual property rights of which are guaranteed, equally marking the normal areas of the memory card desired to be duplicated as bad areas, and thereby generating identical encryption feature values so as to duplicate the memory card. In order to prevent such duplication, when the memory card is inserted, the play apparatus determines, through a procedure of writing/reading data in/from the bad areas, whether the bad areas are physically formed or are merely marked for duplication. If it is determined that the bad areas are merely marked, the play apparatus classifies the memory card as an 'illegally duplicated memory card', and does not play recorded digital content data. As described above, the present invention determines the authenticity of bad areas, thus identifying an illegally duplicated memory card.
[197] FIG. 14 is a diagram showing an example of the construction of a bad pattern DRM table configuration apparatus for digital rights management according to an embodiment of the present invention. For convenience of description, a description will be made on the basis of the operation of the apparatus for generating a bad block DRM table (DRM encryption table).
[198] A bad pattern detection unit 101 sets areas based on multiples of the number of blocks (or bad pages) (for example, based on multiples of 2048 blocks) in all the blocks of the flash memory, and detects bad blocks (or bad pages) in each of the areas.
[199] A real bad pattern examination unit 102 determines a bad pattern extraction area meeting a specific criterion (for example, an area having more than a threshold number of bad blocks [or bad pages], or an area having a maximum number of bad blocks [or bad pages]), and records the code value (area code) of the relevant area in the DRM table select code field of the card ID.
[200] At this time, the area code value, recorded in the DRM table select code field of the card ID, is the area code of the bad pattern extraction area meeting the specific condition among the areas obtained by dividing all the blocks of the flash memory by 2048 blocks.
[201] The specific condition is, for example, a criterion required to determine whether a specific area is an area suitable for the configuration of a bad block (or bad page) DRM table (DRM encryption table). According to such a specific condition, an area having more than a threshold number of (for example, 128) bad blocks (or bad pages), or an area having a maximum number of bad blocks (or bad pages), can be determined to be the bad pattern extraction area.
[202] A bad pattern table configuration unit 103 records the addresses of bad blocks (or bad pages) of the area corresponding to the area code, recorded in the DRM table select code field of the card ID, in the bad block (or bad page) table.
[203] A bad pattern DRM table calculation unit 104 examines the area corresponding to the area code recorded in the DRM table select code field of the card ID. That is, whether the area corresponding to the area code has bad blocks (or bad pages) sufficient to configure a bad block (or bad page) DRM table (DRM encryption table) is examined.
[204] A bad pattern DRM table generation unit 105 configures a bad block (or bad page) DRM table (DRM encryption table) on the basis of the bad pattern table (bad block table or bad page table) of the area corresponding to the area code recorded in the DRM table select code field of the card ID.
[205] For example, when the area corresponding to the area code has more than 128 bad blocks sufficient to configure a 256-byte bad block DRM table (DRM encryption table), a 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 9] composed of 128 real bad block addresses is configured on the basis of the bad block table of the area (for example, area 1 having block 0 ~ block 2047) having more than 128 (256 byte) bad blocks.
[206] Further, when the area corresponding to the area code does not include bad blocks sufficient to configure a 256-byte bad block DRM table (DRM encryption table), a 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 11] is generated by performing a padding operation.
[207] For example, the bad block DRM table (DRM encryption table) of FIG. 11 is configured using 18 (36 byte) real bad block addresses and 110 (220 byte) pieces of padding data. At this time, as an example of a padding method, a 256-byte bad block DRM table (DRM encryption table) can be configured, as shown in FIG. 11, using padding values, generated by sequentially performing an XOR operation on real bad block table values and a card serial number value.
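The area selection and table construction of paragraphs [198] to [207], as an added Python sketch that is not code from the patent or the applicant. The 1-based area codes follow the "area 1 having block 0 ~ block 2047" wording; the 16-bit big-endian in-area address encoding, the choice among several qualifying areas, and the exact XOR padding rule are assumptions, because FIG. 11 is not reproduced on this page.

```python
import struct

AREA_BLOCKS = 2048    # area size used in the description
TABLE_ENTRIES = 128   # 128 addresses x 2 bytes = 256-byte DRM table
THRESHOLD = 128       # example threshold from the description


def bad_blocks_by_area(bad_blocks, total_blocks):
    """Map area code -> sorted in-area offsets of the bad blocks.

    Area codes start at 1 (area 1 = block 0 ~ block 2047).
    """
    n_areas = -(-total_blocks // AREA_BLOCKS)  # ceiling division
    areas = {code: [] for code in range(1, n_areas + 1)}
    for block in sorted(set(bad_blocks)):
        if not 0 <= block < total_blocks:
            raise ValueError(f"block {block} is outside the device")
        areas[block // AREA_BLOCKS + 1].append(block % AREA_BLOCKS)
    return areas


def select_area(areas):
    """Return the area code to record in the DRM table select code field."""
    over = [c for c in sorted(areas) if len(areas[c]) > THRESHOLD]
    if over:
        return over[0]  # assumption: the lowest qualifying area code is used
    # No area exceeds the threshold: fall back to the area with the most bad blocks.
    return max(sorted(areas), key=lambda c: len(areas[c]))


def serial_words(serial):
    """Split the card serial number into 16-bit words (zero-padded if odd)."""
    if not serial:
        raise ValueError("empty card serial number")
    if len(serial) % 2:
        serial += b"\x00"
    return [word for (word,) in struct.iter_unpack(">H", serial)]


def build_drm_table(offsets, serial):
    """Return (256-byte table, number of real bad block entries)."""
    real = sorted(offsets)[:TABLE_ENTRIES]
    if not real:
        raise ValueError("area has no bad blocks; no table can be derived")
    words = serial_words(serial)
    entries = list(real)
    # Assumed padding rule: walk the table from its start and XOR each
    # existing entry with the next serial word until 128 entries exist.
    for i in range(len(real), TABLE_ENTRIES):
        k = i - len(real)
        entries.append(entries[k] ^ words[k % len(words)])
    return struct.pack(f">{TABLE_ENTRIES}H", *entries), len(real)


# Constructed sample data: a 4096-block device with 5 bad blocks in area 1
# and 18 in area 2 (18 matches the count quoted for FIG. 11).
AREA2_OFFSETS = [3, 41, 97, 150, 233, 310, 402, 555, 678, 701,
                 815, 940, 1024, 1111, 1290, 1500, 1777, 2040]
SAMPLE_BAD = [7, 12, 300, 1999, 2047] + [2048 + o for o in AREA2_OFFSETS]
SAMPLE_SERIAL = b"SN-00012345"  # constructed serial number


def demo():
    areas = bad_blocks_by_area(SAMPLE_BAD, total_blocks=4096)
    code = select_area(areas)
    table, real_count = build_drm_table(areas[code], SAMPLE_SERIAL)
    return code, real_count, len(table)


if __name__ == "__main__":
    print(demo())
```

The function returns the real-entry count alongside the table because the later authentication step examines only the real bad block addresses, not the padding values.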
[208] FIG. 15 is a diagram showing an example of the construction of a digital content recording apparatus according to an embodiment of the present invention.
[209] A bad pattern examination and marking unit 111 formats the flash memory (for example, NAND flash memory) of a storage medium (memory card implemented using a memory device) to a low level, examines bit-based bad pages (pages having bad bits) or bit-based bad blocks (blocks having bad bits) by writing 0xAA55, and marks pages or blocks having bad bits as bad pages or bad blocks.
[210] A bad pattern area selection unit 112 formats the flash memory to a low level, and determines an area meeting a specific condition (criterion) with reference to a recorded bad block (or bad page) table. A media information recording unit 113 records the area code of the area in the DRM table select code field of the card ID (page number 9 of zero block).
[211] For example, all the blocks of the flash memory are divided by 2048 blocks, and thus respective areas are set. Among the areas, an area meeting a specific condition (criterion) is determined to be a bad pattern extraction area required for the configuration of a bad block (or bad page) DRM table (DRM encryption table). Thereafter, the area code of the determined area is recorded in the DRM table select code field of the card ID. The term 'specific condition (criterion)' means a criterion required to determine whether a specific area is an area suitable for the configuration of a bad block (or bad page) DRM table (DRM encryption table). For example, an area having more than a threshold number of (for example, 128) bad blocks (or bad pages), or an area having a maximum number of bad blocks (or bad pages) can be determined to be a bad pattern extraction area.
[212] The determination of the bad pattern extraction area may be performed by determining whether an area having more than a threshold number of (for example, 128) bad blocks (or bad pages) is present, and by determining an area, having a maximum number of bad blocks (or bad pages) among the plurality of areas (areas set based on multiples of 2048 blocks), to be the bad pattern extraction area if it is determined that the relevant area is not present.
[213] In this way, the area code value of the area determined to be the bad pattern extraction area is recorded in the DRM table select code field of the card ID of FIG. 6.
[214] A bad pattern DRM table generation unit 114 configures a bad block (or bad page) DRM table (DRM encryption table) on the basis of the bad pattern table (bad block table or bad page table) of the area corresponding to the area code recorded in the DRM table select code field of the card ID.
[215] For example, when the area corresponding to the area code has more than 128 sufficient bad blocks, a 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 9] composed of 128 real bad block addresses is configured on the basis of the bad block table of the area (for example, area 1 having block 0 ~ block 2047) having more than 128 (256 bytes) bad blocks. When the area corresponding to the area code does not include bad blocks sufficient to configure a 256-byte bad block DRM table (DRM encryption table), a 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 11] is configured by performing a padding operation.
[216] A content encryption recording unit 115 records digital content in the memory device (for example, NAND flash memory) by utilizing the bad pattern DRM table (DRM encryption table), generated by the bad pattern DRM table generation unit 114, as an encryption key.
[217] FIG. 16 is a diagram showing an example of the construction of a digital content play apparatus according to an embodiment of the present invention.
[218] When a memory device (for example, NAND flash memory) is inserted into or connected to a digital content provision apparatus (media player) through the reader, a media information collection unit 121 reads information about a card ID (page number 9 of zero block).
[219] In this case, in the DRM table select code field of the card ID, the area code information of the area having bad patterns (bad blocks, bad pages, bad bits, etc.) (area having more than a threshold number of bad blocks [or bad pages], or an area having a maximum number of bad blocks [or bad pages]), desired to be used for a bad pattern DRM table (DRM decryption table) is recorded, and thus information of the card ID is collected at the time of playing media.
[220] A bad pattern DRM table generation unit 122 configures a bad block (or bad page) DRM table (DRM decryption table) on the basis of the bad pattern table (bad block table or bad page table) of the area corresponding to the DRM table select code field of the card ID.
[221] For example, when the area corresponding to the area code recorded in the DRM table select code field has more than 128 sufficient bad blocks, the bad pattern DRM table generation unit 122 configures a 256-byte bad block DRM table (DRM decryption table) [refer to FIG. 9] composed of 128 real bad block addresses on the basis of the bad block table of the area having more than 128 (256 byte) bad blocks. When the area corresponding to the area code recorded in the DRM table select code field does not include bad blocks sufficient to configure a 256-byte bad block DRM table (DRM decryption table), the bad pattern DRM table generation unit 122 configures a 256-byte bad block DRM table (DRM decryption table) by performing a padding operation (refer to FIG. 11).
[222] That is, the 256-byte bad block DRM table (DRM decryption table) of FIG. 11 is configured using padding values generated by sequentially performing an XOR operation on the real bad block table values and the card serial number value.
[223] A media authentication unit 123 determines whether blocks (or pages) corresponding to the real bad block (or bad page) table values, rather than padding values, in the bad block(or bad page) DRM table (DRM decryption table) generated by the bad pattern DRM table generation unit 122, are real bad blocks (or bad pages).
[224] For example, the media authentication unit 123 determines whether blocks having real bad block addresses in the bad block DRM table (DRM decryption table) of FIG. 11, composed of 36 bytes of real bad block addresses and 220 bytes of padding data (0x09, 0x10, 0x0B, 0x17, ...), are real bad blocks.
[225] In this case, in order to determine whether blocks are real bad blocks (or bad pages), about 10 bad blocks (or bad pages) are randomly selected from the real bad block (or bad page) table, and whether the selected bad blocks are real bad blocks (or bad pages) is examined.
[226] At this time, a Write Protect (WP) pin is disabled, and 0xAA55 and 0x55AA are written in the corresponding page of each real bad block (or bad page), so that whether the blocks are real bad blocks (or bad pages) is determined.
[227] If it is determined that the blocks are real bad blocks (or bad pages), a suitable number of real bad blocks (or bad pages) are additionally examined using the same method. Even on the additionally selected bad blocks (or bad pages), a Write Protect (WP) pin is disabled, and 0xAA55 and 0x55AA are written in the corresponding page of each real bad block (or bad page), so that whether the additionally selected blocks are real bad blocks (or bad pages) is determined.
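The write/read examination of paragraphs [223] to [227], together with the marked-versus-physical distinction of paragraph [196], as an added Python sketch that is not code from the patent. `SimulatedNand` is a constructed stand-in that models a physical defect as stuck bits; real NAND access, the WP pin handling and the batch size of the additional examination are assumptions.

```python
import random

PATTERNS = (0xAA55, 0x55AA)  # complementary: each bit is tested as 0 and as 1


class SimulatedNand:
    """Constructed stand-in for a NAND device (not a real driver API)."""

    def __init__(self, marked_bad, stuck):
        self.marked_bad = set(marked_bad)  # spare-area markings (can be copied)
        self.stuck = dict(stuck)           # block -> (stuck-at-0 mask, stuck-at-1 mask)
        self.cells = {}
        self.write_protect = True          # WP asserted by default

    def write_word(self, block, value):
        if self.write_protect:
            raise PermissionError("write protect is asserted")
        self.cells[block] = value & 0xFFFF

    def read_word(self, block):
        value = self.cells.get(block, 0xFFFF)
        stuck0, stuck1 = self.stuck.get(block, (0, 0))
        return ((value & ~stuck0) | stuck1) & 0xFFFF


def marked_bad_table(nand):
    """Bad block table as read from the spare-area markings."""
    return sorted(nand.marked_bad)


def is_physically_bad(nand, block):
    """Write both test patterns; a real bad block fails at least one readback."""
    for pattern in PATTERNS:
        nand.write_word(block, pattern)
        if nand.read_word(block) != pattern:
            return True
    return False


def authenticate_media(nand, real_bad, sample_size=10, rng=None):
    """Return True only if every sampled 'bad' block is physically bad."""
    if rng is None:
        rng = random.SystemRandom()
    candidates = list(dict.fromkeys(real_bad))  # de-duplicate, keep order
    if not candidates:
        return False  # nothing physical to verify
    previous_wp = nand.write_protect
    nand.write_protect = False  # the write test needs WP released
    try:
        rng.shuffle(candidates)
        first = candidates[:sample_size]
        additional = candidates[sample_size:2 * sample_size]
        for batch in (first, additional):
            for block in batch:
                if not is_physically_bad(nand, block):
                    return False  # merely marked: illegally duplicated card
        return True
    finally:
        nand.write_protect = previous_wp


# Constructed sample data: 18 bad block numbers on the original card.
SAMPLE_BAD = [2051, 2089, 2145, 2198, 2281, 2358, 2450, 2603, 2726,
              2749, 2863, 2988, 3072, 3159, 3338, 3548, 3825, 4088]


def demo():
    # Alternate stuck-at-0 on bit 8 and stuck-at-1 on bit 1 across the blocks.
    stuck = {b: (0x0100, 0) if i % 2 else (0, 0x0002)
             for i, b in enumerate(SAMPLE_BAD)}
    genuine = SimulatedNand(SAMPLE_BAD, stuck)
    clone = SimulatedNand(SAMPLE_BAD, {})  # same markings, no physical defects
    rng = random.Random(2008)
    return (authenticate_media(genuine, marked_bad_table(genuine), rng=rng),
            authenticate_media(clone, marked_bad_table(clone), rng=rng))


if __name__ == "__main__":
    print(demo())
```

A block with bit 8 stuck at 0 reads 0xAA55 back unchanged and fails only on 0x55AA, which is why both patterns are written. Because the procedure samples the table, its result is certain only for the blocks it probed; examining every real entry removes that sampling error at the cost of insertion time.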
[228] A content decryption and play unit 124 permits the use of digital content media (play or read) on the basis of the results of the authentication performed by the media authentication unit 123. That is, when the authentication of the use of media has succeeded, the content decryption and play unit 124 transmits digital content data to a user while decrypting the digital content data using the generated bad block (or bad page) DRM table (DRM decryption table). Further, when the authentication of the use of the media has failed, the content decryption and play unit 124 notifies the user of the failure of the authentication, thus requesting the user to check the digital content storage medium.
[229] FIG. 17 is a diagram showing an example of the construction of a key generation apparatus for an asymmetric encryption system to which the present invention is applied.
[230] A bad pattern detection unit 131 sets areas based on multiples of the number of blocks (or pages) (for example, based on multiples of 2048 blocks) in all the blocks (or bad pages) of the flash memory, and detects bad blocks (or bad pages) from each of the areas.
[231] A bad pattern DRM table generation unit 132 configures a bad block (or bad page) DRM table (DRM encryption table) on the basis of the bad pattern table (bad block table or bad page table) of the area corresponding to the DRM table select code of the card ID.
[232] For example, when the area corresponding to the area code recorded in the DRM table select code field has more than 128 sufficient bad blocks, a 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 9] composed of 128 real bad block addresses is configured on the basis of the bad block table of the area having more than 128 (256 byte) bad blocks. When the area corresponding to the area code recorded in the DRM table select code field does not include bad blocks sufficient to configure a 256-byte bad block DRM table (DRM encryption table), a 256-byte bad block DRM table (DRM encryption table) [refer to FIG. 11] is configured by performing a padding operation.
[233] That is, the 256-byte bad block DRM table (DRM encryption table) of FIG. 11 is configured using padding values generated by sequentially performing an XOR operation on real bad block table values and a card serial number value.
[234] A media authentication unit 133 determines whether blocks (or pages) corresponding to the real bad block (or bad page) table values, rather than padding values, in the bad block (or bad page) DRM table (DRM encryption table) generated by the bad pattern DRM table generation unit 132, are real bad blocks (or bad pages).
[235] For example, the media authentication unit 133 determines whether blocks having real bad block addresses are real bad blocks in the bad block DRM table (DRM encryption table) of FIG. 11 composed of 36 bytes of real bad block addresses and 220 bytes of padding data (0x09, 0x10, 0x0B, 0x17, ...).
[236] Here, in order to determine whether the blocks are real bad blocks (or bad pages), for example, about 10 bad blocks (or bad pages) are randomly selected from the real bad block (or bad page) table, and whether the selected bad blocks are real bad blocks (or bad pages) is examined.
[237] At this time, a Write Protect (WP) pin is disabled, and 0xAA55 and 0x55AA are written in the corresponding page of each real bad block (or bad page), so that whether the blocks are real bad blocks (or bad pages) is determined.
[238] If it is determined that the blocks are real bad blocks (or bad pages), a suitable number (for example, about 10) of real bad blocks (or bad pages) are additionally examined using the same method. Even on the additionally selected bad blocks (or bad pages), a Write Protect (WP) pin is disabled, and 0xAA55 and 0x55AA are written in the corresponding page of each real bad block (or bad page), so that whether the additionally selected blocks are real bad blocks (or bad pages) is determined.
[239] A seed key generation unit 134 generates a seed key through a Hash function which uses a bad pattern DRM table (DRM encryption table) as a transform factor.
[240] An asymmetric encryption key generation unit 135 generates a public key and a private key through a PKI algorithm (RSA, ECC, etc.) using the seed key generated by the seed key generation unit 134.
[241] The public key may be used to encrypt digital content data, and the private key may be used to decrypt digital content data.
[242] The above-described method of the present invention may be implemented in the form of a program and may be stored in recording media (Compact Disc (CD)-Read Only Memory (ROM), Random Access Memory (RAM), ROM, a floppy disc, a hard disc, a magneto-optical disc, etc.) in a computer-readable form.
[243] Such a process may be implemented by those skilled in the art of the present invention, and thus a detailed description thereof is omitted.
[244] Although the present invention has been described according to limited embodiments and drawings, those skilled in the art will appreciate that various changes and modifications are possible, without departing from the technical spirit of the invention and the accompanying claims and equivalent ranges thereof.

Claims
[1] A card, comprising: a magnetic card track for performing one or more of functions of a bank card, a stock exchange card, a transportation card, a point card and a membership card; and a flash memory Chip On Board (COB) for storing digital information, wherein the magnetic card track and the flash memory COB are separated and mounted in a single card.
[2] A card, comprising: a magnetic card track and a smart card Chip On Board (COB) for performing one or more of functions of a bank card, a stock exchange card, a transportation card, a point card, and a membership card; and a flash memory COB for storing digital information, wherein the magnetic card track, the smart card COB and the flash memory COB are separated and mounted in a single card.
[3] The card according to claim 2, further comprising: display means including a display COB in which a battery charging terminal and a terminal for communication with an external device are installed, the display means maintaining final display content even when power is removed; a battery for charging; and a central processing unit for managing and controlling data input/output from/to the smart card COB and the flash memory COB and supply of power, wherein the central processing unit performs control such that a program or content stored in the flash memory is read and displayed on the display means, and wherein the display COB and the smart card COB are separated and mounted in a single card.
[4] The card according to claim 2, further comprising: display means including a display COB in which a battery charging terminal and a terminal for communication with an external device are installed, the display means maintaining final display content even when power is removed; a battery for charging; a central processing unit for managing and controlling data input/output from/to the smart card COB and the flash memory COB and supply of power, wherein the central processing unit performs control such that a program or content stored in the flash memory is read and displayed on the display means, and wherein the display COB and the smart card COB are integrated and mounted in a single card.
[5] The card according to claim 3 or 4, wherein the smart card COB includes a predetermined Integrated Circuit (IC) chip and eight contact points based on ISO7816 standards.
[6] The card according to claim 3 or 4, wherein: the flash memory COB is provided to be divided into a bank or stock area and a user area; the bank or stock area includes one or more of a certificate, a One Time Password (OTP) generation program, and an electronic bankbook, and is not accessible by persons other than a specific user; and the user area includes folders for music, movies, pictures, documents and an address book, and other folders, and is configured to be deleted, added or edited through a touch screen or a manipulation switch on the display means, a dedicated reader for the card, or a computer.
[7] The card according to claim 3 or 4, wherein the flash memory COB includes a bank or stock area, in which one or more of a certificate for financial transactions and a One Time Password (OTP) generation program are included, thus allowing a holder of the card to perform Internet banking and electronic commerce.
[8] The card according to claim 7, wherein a password generated by the OTP generation program is displayed on the display means.
[9] The card according to claim 6, wherein: the electronic bankbook is configured such that details of account transactions and details of use of a bank card are electronically recorded, and are automatically or manually updated with recent data through an Internet website of a relevant bank using a computer connected to the card, or through an Automated Teller Machine (ATM) connected to the card; and content of the electronic bankbook is displayed on the display means.
[10] The card according to claim 6, wherein information of the user area is backed up in such a way that a folder identical to a relevant folder present in the user area is automatically formed in the computer when the computer is connected to the card.
[11] The card according to claim 6, wherein the flash memory further includes a card provider management area in which a program required to access a homepage of a relevant card provider or a service program of the relevant card provider is stored.
[12] The card according to claim 6, wherein: when the card is a stock exchange card, the bank or stock area includes therein a program and a certificate for enabling stock inquiry and stock exchange, thus enabling stock exchange and electronic commerce to be performed over an Internet, and when the card is connected to the computer through a reader connected to the card, the holder of the card automatically logs into his or her account, so that account information about stocks, funds and investment information of the holder is displayed on the display means.
[13] A reader for allowing the card according to claim 3 to be inserted thereinto or connected thereto, comprising: a socket including connection terminals so that the reader can be simultaneously connected to one or more of the smart card COB, the display COB and the flash memory COB, wherein the reader charges the battery for charging.
[14] The reader according to claim 13, wherein, when the reader records or reads information requiring protection among pieces of information of the card, the information is recorded or read using the reader's own application program.
[15] The reader according to claim 14, wherein the application program is configured to read unique information of the card from the smart card COB, and is used to record or read the information requiring protection from among all the information of the card.
[16] The reader according to claim 15, wherein the application program is configured to access a service server, capable of determining whether an incident concerning the card has occurred and to acquire information about occurrence of the incident, using the unique information of the card read from the smart card COB.
[17] The reader according to claim 14, wherein the application program is configured to encrypt and record relevant information requiring protection from among all the information of the card using an encryption table generated using characteristics of bad blocks of the flash memory COB at a time of recording the information requiring protection.
[18] The reader according to claim 17, wherein the application program is configured to decrypt and read the encrypted information using an encryption table generated using characteristics of bad blocks of the flash memory COB at a time of reading the encrypted information.
[19] The reader according to claim 14, wherein the application program is configured to access a service server capable of determining whether an incident concerning the card has occurred and acquire information about occurrence of the incident, using an encryption table generated using characteristics of bad blocks of the flash memory COB.
[20] The reader according to claim 19, wherein the application program is configured to delete part or all of information stored in the card or to automatically report an Internet access address used to access the Internet depending on incident type.
[21] A method of paying electronic money using the reader according to any one of claims 13 to 20 to which the card according to claim 3 is inserted or is connected, comprising the steps of: inputting a payment amount based on details of a purchased product or electronic commerce to the reader; the reader accessing a center for managing the card in a wired or wireless manner; the reader receiving payment amount approval data based on the payment amount from the center and recording the payment amount approval data on the card; taking the card out of the reader and inserting the card into a second reader on a side on which a product is sold or electronic commerce is performed; the second reader accessing the center for managing the card in a wired or wireless manner; accumulating an amount of money corresponding to the payment amount in an account on a basis of the payment amount approval data in the center; and deleting the payment amount approval data.
[22] An art card connected to a display frame device and configured to store multimedia data to be displayed, comprising: a certificate configured to verify that a relevant artwork is an authentic work of an artist; a flash memory Chip On Board (COB) in which digital multimedia data is encrypted and stored; and a contact point configured to be connected to the display frame device.
[23] The art card according to claim 22, wherein an encryption key is generated using information about bad blocks of the flash memory COB, and the multimedia data is encrypted and recorded on a basis of the encryption key.
[24] A display frame device connected to the art card according to claim 23, and configured to decrypt and read the encrypted multimedia data using the information about the bad blocks of the flash memory COB and to display the decrypted multimedia data on the display means.
[25] The display frame device according to claim 24, further comprising a voice reproduction unit for reproducing voice information.
PCT/KR2008/007233 2007-12-05 2008-12-05 Card having flash memory and display, reader of reading the card, paying method using the reader and card, art card and dispaly using the art card WO2009072849A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2007-0125501 2007-12-05
KR1020070125501A KR20090058758A (en) 2007-12-05 2007-12-05 Smart card with flash memory and display, card reader of smart card, drm method using that

Publications (2)

Publication Number Publication Date
WO2009072849A2 (en) 2009-06-11
WO2009072849A3 WO2009072849A3 (en) 2009-07-23

Family

ID=40718376

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2008/007233 WO2009072849A2 (en) 2007-12-05 2008-12-05 Card having flash memory and display, reader of reading the card, paying method using the reader and card, art card and dispaly using the art card

Country Status (2)

Country Link
KR (1) KR20090058758A (en)
WO (1) WO2009072849A2 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20160074214A (en) 2014-12-18 2016-06-28 (주)에이텍티앤 RFID reader for smart cards
KR101868570B1 (en) 2018-04-17 2018-06-18 유형근 Manufacturing method for smart card having a function of making a power input/output interface through the contact between socket of electronic card terminal and conductive pressure pin of input/output part contacted by cob of smart card and the smart card produced thereof
KR101868572B1 (en) 2018-04-17 2018-06-18 유형근 Manufacturing method for smart card having a function of making a power input/output interface through the contact between socket of electronic card terminal and conductive coating layer of input/output part contacted by cob of smart card and the smart card produced thereof
KR102005780B1 (en) 2018-12-28 2019-10-01 유형근 Multimodal smart card supporting power of interface and display through inverter having function of voltage balancing and forming high voltage frequency

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6297789B2 (en) * 1998-07-09 2001-10-02 Tyco Electronics Corporation Integrated circuit card with liquid crystal display for viewing at least a portion of the information stored in the card
KR20040028104A (en) * 2002-09-28 2004-04-03 주식회사 케이티 Layout method of ic-chip-board in contact 2chip card
KR20060027544A (en) * 2004-09-23 2006-03-28 주식회사 비즈모델라인 Ic card with multi-point of contact
KR20060028354A (en) * 2004-09-25 2006-03-29 주식회사 비즈모델라인 Interface devices for usb(universal serial bus)
KR20070094108A (en) * 2006-03-16 2007-09-20 주식회사 케이티프리텔 Data security device and method and mobile terminal including the same

Also Published As

Publication number Publication date
KR20090058758A (en) 2009-06-10
WO2009072849A3 (en) 2009-07-23

Similar Documents

Publication Publication Date Title
US5943423A (en) Smart token system for secure electronic transactions and identification
RU2258256C2 (en) System and method for forming digital signature using an atm
US6817521B1 (en) Credit card application automation system
KR20010108292A (en) Portable electronic charge and authorization devices and methods therefor
WO2013051031A1 (en) System and method for secure electronic transaction
CN101578608B (en) Methods and apparatuses for accessing content based on a session ticket
CN101595488A (en) Be used for content is tied to the method and apparatus of independent storage arrangement
TW498284B (en) Card memory apparatus
CN111476574A (en) Novel security IC card and authentication system and method
WO2009072849A2 (en) Card having flash memory and display, reader of reading the card, paying method using the reader and card, art card and dispaly using the art card
WO2009084881A2 (en) Card and input and output apparatus for the card
JP6857725B2 (en) Protection (anti-cloning) method and system for illegal copying
WO2009064131A2 (en) Smart card with flash memory and memory reader of smart card and drm method using the reader
KR100974028B1 (en) Security System and Method thereof using Fortable Storage Apparatus, Processor Using the same
CN109447653A (en) A kind of IC card encryption method, device, terminal and storage medium
WO2009048304A2 (en) Smart card with flash memory and memory reader of smart card and drm method using that
WO2004081706A2 (en) Method and apparatus for controlling the provision of digital content
KR20080107970A (en) Smart card with flash memory and memory reader of smart card and drm method using that reader
JP4039061B2 (en) IC card issuing device and IC card issuing method
CN101617318A (en) Be used for method and apparatus that content and licence are linked
TWM564763U (en) Improved security access module
KR100468154B1 (en) System and method for business of electronic finance bases of smart card
KR100462230B1 (en) Management and Collection System and Method of SAM for Contactless IC Card Reader
JP2007065727A (en) Ic card use system
EP1519286A1 (en) Content providing method, content providing system, content providing apparatus, and content reproduction apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08857511

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 17/09/10)

122 Ep: pct application non-entry in european phase

Ref document number: 08857511

Country of ref document: EP

Kind code of ref document: A2